Audit Reports 


Module 
1 ‘Professional Standards 
2 Audit Engagements 
3 Forming an Audit Opinion 
4 Unmodified (Unqualified) Opinion 
5 Modified Opinions Due to Financial Statement Issues 
6 Modified Opinions Due to Audit Issues 
7 Emphasis-of-Matter, Other-Matter, and 
Explanatory Paragraphs 
8 Reporting With Different Opinions and Other Auditors 
9 Subsequent Events 
10 Other Information and Supplementary Information 
11. Special Purpose Frameworks 


83 


91 


NOTES 


© Becker Professional Education Corporation. All rights reserved. 


MODULE + 


Professional Standards 


1 ‘Professional Standards 


The Auditing and Attestation section tests audits of issuers, nonissuers, governmental entities, 
not-for-profit entities, and employee benefit plans. In addition to audits, this section also 

tests other types of engagements that an accountant may be called upon to perform, such as 
accounting and review service engagements and attestation and assurance engagements. Each 
engagement requires the accountant to follow the applicable ethical guideline(s) and standard(s) 
for the engagement. For example, an audit engagement requires the auditor to perform the 
audit in accordance with generally accepted auditing standards (GAAS). These engagements and 
applicable standards will be covered in more detail in later modules. 


Below is an overview of standards and guidelines that will be tested in this section: 


Professional Standards and Guidelines 


Standard/ Section Standard- 
Guideline | Reference | Setting Body Description Applies to: 
Audits 
Statements AU-C AICPA SAS provide generally e Audits of annual 
on Auditing Auditing accepted auditing historical financial 
Standards Standards standards for the audits of statements: nonissuers 
(SAS) Board nonissuers. |n addition, Sheri) . 
SAS provide guidance for eee PEP OMe: 
other services, such as HONSSHers 
review of interim financial © Interim financial 
information and letters to statements (where 
underwriters. the annual financial 
statements have been 
audited): nonissuers 
Public PCAOB AS | Public PCAOB AS provide e Audits of annual 
Company Company generally accepted auditing historical financial 
Accounting Accounting standards for the audits of statements: issuers 
Oversight Oversight issuers. In addition, PCAOB | | Snadial fe 
Board Board AS provide guidance for a 
Auditing other services, such as e Interim financial 
Standards review of interim financial statements: issuers 
(PCAOB AS) information and letters to 
underwriters. 
Generally GAGAS Governmental | GAGAS provide guidance Financial or performance 
Accepted Accountability | for audits of government audits of government 
Government Office organizations, programs, organizations, programs, 
Auditing activities, and of entities activities, and of 
Standards that receive government entities that receive 
(GAGAS) funds. government funds. 
© Becker Professional Education Corporation. All rights reserved. Module 1 A1-3 


Professional Standards 


AUD 1 


Quality Control 
Standards 
(SQCS) 


to CPA firms about a 
quality control system. 

A quality control system 
consists of policies and 
procedures designed, 
implemented, and 
maintained to ensure 
that the firm complies 
with professional 
standards and 
appropriate legal and 
regulatory requirements, 
and that any reports 
issued are appropriate in 
the circumstances. 


Standard/ Section Standard- 
Guideline Reference | Setting Body Description Applies to: 
Other Engagements 
Statements AT-C AICPA SSAE provide guidance Examination, a review, or 
on Standards for attestation agreed-upon procedures 
for Attestation engagements. report on a subject matter, 
Engagements or an assertion about 
(SSAE) a subject matter, that 
is the responsibility of 
another party. 
Statements AR-C AICPA SSARS provide guidance © Preparation, 
on Standards Accounting for unaudited financial compilation, and reviews 
for Accounting and Review statements or unaudited of historical financial 
and Review Services financial information of statements: nonissuers 
Services Committee nonissuers. ‘ 
© Preparation or 
(SSARS) siags 
compilation of pro forma 
financial information and 
forecasts: nonissuers 
Guidelines 
Code of ET AICPA The AICPA Code of Members of the AICPA 
Professional Professional Conduct 
Conduct provides members with 
guidelines for behavior 
in the conduct of their 
professional affairs. In 
addition, it provides 
assurance to the public 
that the profession 
intends to maintain 
high standards and to 
enforce compliance 
with these standards by 
its members. 
Statements on Qc AICPA SQCS provides guidance CPA firms providing 


auditing, attestation, and 
accounting and review 
services. 
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2 Auditing Guidance: The GAAS Hierarchy 


There are three levels of audit guidance: 


Most 
Authoritative 


Least 
Authoritative 


1. SAS (Nonissuers) and PCAOB AS (Issuers) 


The auditor should: 


e Use professional judgment in applying the SAS or PCAOB AS to a particular 
engagement. 


e Be prepared to justify any departures from presumptively mandatory 
requirements. 


Specific language is used within the standards to clarify the auditor's level of 

responsibility: 

e "Must" or "is required" indicates an unconditional requirement, which 
must be followed in all cases in which the requirement is relevant. 


e "Should" indicates a presumptively mandatory requirement, which must 
be followed in all cases in which the requirement is relevant, except in 
rare circumstances when departure from the requirement is permitted 
if there is appropriate justification, performance of sufficient alternative 
procedures, and thorough documentation. 


e "May," "might," and "could" indicate explanatory material that does not 
impose a professional requirement for performance. 


2. Interpretive Publications 


Interpretive publications are recommendations regarding how SASs should be 
applied in specific situations. They are not considered to be auditing standards. 


The auditor should: 
© Consider the guidance provided by these publications in performing an audit. 


e Be able to explain any departures, and how compliance with standards was 
otherwise achieved. 


Examples include: Auditing interpretations of GAAS, exhibits to GAAS, auditing 
guidance provide in AICPA Audit and Accounting Guides, and AICPA Auditing 
Statements of Position (SOP). 


3. Other Auditing Publications 


Other auditing publications have no authoritative status but may be helpful to 
the auditor. 


The auditor should: 
e Consider the guidance provided by these publications in performing an audit. 


° Be able to explain any departures, and how compliance with standards was 
otherwise achieved. 


Examples include: Auditing articles in the Journal of Accountancy (or other 
professional journal), auditing articles in the AICPA CPA Letter, continuing 
professional education materials, textbooks, and other auditing publications. 
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2 Audit Engagements 


1 Audit Process Overview 


General Principles 


Overall objectives 
Documentation 
Communication 
Quality control—firm 


Engagement Acceptance 


Ethics and independence 
Terms of engagement 


Assess Risk and Plan Response 


Audit planning, including audit strategy 
Materiality 

Risk assessment procedures: 

¢ Understand the entity and its environment 
¢ Understand internal control 

Identify and assess risk 

Respond to risk 


Perform Procedures and Obtain Evidence 


Test of controls, if applicable 
Substantive testing 


Form Conclusions 


Subsequent events 
Management representation 
Evaluate audit results 
Quality control—engagement 


Reporting 


Report on audited financial statements 
Other reporting considerations 
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2 The Independent Audit Function: The Basics 


The purpose of an audit is to provide financial statement users with an opinion on whether 
the financial statements are presented fairly, in all material respects, in accordance with the 
applicable financial reporting framework. 


Pass Key 


The applicable financial reporting framework is the financial reporting framework that is 
acceptable in view of the nature of the entity and the objective of the financial statements, or 
that is required by law or regulation. Acceptable financial reporting frameworks include general 
purpose frameworks designed to meet the needs of a wide range of users (e.g., U.S. GAAP and 
International Financial Reporting Standards [IFRSs]), and special purpose frameworks. 


The auditor's report gives credibility to the financial statements. The auditors, as a group 
independent of management, have an objective view and can report on a company's activities 
without bias or conflict of interest. Without a report from an independent auditor, a company's 
financial statements would be meaningless, because the public would have little faith in financial 
statements issued by the inherently biased company. 


The financial statements of an enterprise are prepared by the management of the enterprise, 
not by the independent auditor. Further, the financial statements are the product and property 
of the enterprise; the independent auditor merely audits and expresses an opinion on them. 


2.1 Management Responsibilities 


An audit is conducted on the premise that management and, when appropriate, those charged 
with governance are responsible for: 


1. the preparation and fair presentation of the financial statements in accordance with the 
applicable financial reporting framework; 


2. the design, implementation, and maintenance of internal control relevant to the preparation 
and fair presentation of financial statements that are free of material misstatement due to 
error or fraud; and 


3. providing the auditor with access to information and persons within the entity needed to 
complete the audit. 


Pass Key 


The preparation and fair presentation of the financial statements requires: 
1. identification of the applicable financial reporting framework; 


2. preparation and fair presentation of the financial statements in accordance with the 
framework; and 


3. inclusion of an adequate description of the framework in the financial statements. 
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2.2 Auditor Responsibilities 


The auditor is responsible for expressing an opinion on the financial statements based on the 
audit. The auditor is also responsible for: 


maintaining professional skepticism; 
complying with relevant ethical requirements; 


exercising professional judgment throughout the planning and performance of the audit; 


PWN > 


obtaining sufficient appropriate audit evidence; and 


5. complying with generally accepted auditing standards (GAAS). 


2.2.1 Professional Skepticism 


The auditor should plan and perform the audit with professional skepticism. Professional 
skepticism is an attitude that the auditor must apply when making professional judgments that 
provide the basis for the auditor's actions. Professional skepticism is necessary to the critical 
assessment of audit evidence. Auditors should be alert for: 


= Audit evidence that contradicts other audit evidence obtained. 


= Information that calls into question the reliability of documents (including the identified 
controls over the preparation and maintenance of such information) and responses to 
inquiries that may be used as audit evidence. 


= Conditions that indicate possible fraud. 


= Circumstances that suggest the need for audit procedures in addition to those required 
by GAAS. 


= Audit evidence that may impact the auditor's consideration of the initial identification and 
assessment of the risks of material misstatement. 


L Pass Key 


The auditor should neither assume that management is dishonest nor assume 
unquestioned honesty. A belief that management is honest and has integrity does not 
relieve the auditor of the need to maintain professional skepticism or allow the auditor to 
be satisfied with less than persuasive evidence. 


2.2.2 Impediments to Acting With Professional Skepticism 


An auditor should act with professional skepticism throughout the audit. However, auditors 
often feel challenged to meet this requirement because of impediments to applying professional 
skepticism during an audit. Examples of impediments include: 


=m Unconscious human bias, which may cause the auditor to evaluate and recall information 
that favors the interest of the client over the interest of the investor or favors evidence 
that corroborates, rather than contradicts, the existence of risks. This may be facilitated by 
incentives and pressures to maintain and build client relationships, provide an unmodified 
(unqualified) opinion, keep audit costs low, or cross-sell other services. 


= Development of an inappropriate level of trust or confidence in management, which may 
result in the auditor not taking as questioning a stance as needed. 
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= Pressure to avoid potential negative interactions with, or consequences to, individuals 
whom auditors know (e.g., management) instead of representing the interest of investors. 


=m Scheduling and workload demands, which may result in auditors making shortcuts in 
judgment, such as seeking audit evidence that is easier to obtain rather than evidence 
that is more reliable and relevant, or giving more weight to supporting evidence without 
considering contrary evidence. 


2.2.3 Ethical Requirements 


The auditor should comply with ethical requirements related to financial statement audit 
engagements, including independence in both fact and appearance. Ethical requirements include 
the AICPA Code of Professional Conduct and the rules of the state boards of accountancy and 
applicable regulatory agencies that are more restrictive. 


Va Pass Key 


The auditor must be independent of an entity when performing an engagement in 
accordance with GAAS unless: a) GAAS provides otherwise, or b) the auditor is required by 
law or regulation to accept the engagement and report on the financial statements. 


2.2.4 Professional Judgment 


The auditor should exercise professional judgment in planning and performing an audit. 
Professional judgment is necessary because an audit requires interpretation of ethical 
requirements and GAAS, as well as informed decisions based on the application of knowledge 
and experience. 


In an audit, professional judgment is necessary when making decisions about: 


= Materiality 

m= Audit risk 

=m The nature, extent, and timing of audit procedures 

= Evaluating whether sufficient, appropriate evidence has been obtained 
= Evaluating management's judgments in applying the applicable financial 


reporting framework 


= Drawing conclusions based on the audit evidence obtained 


2.2.5 Sufficient Appropriate Audit Evidence and Audit Risk 


To obtain reasonable assurance, the auditor should obtain sufficient appropriate audit 
evidence to reduce audit risk to an acceptably low level and thereby enable the auditor to draw 
reasonable conclusions on which to base the auditor's opinion. 


2.2.6 Compliance With GAAS 


The auditor should not represent compliance with GAAS in the auditor's report unless the 
auditor has complied with all GAAS relevant to the audit. If the objective of a relevant GAAS 
section cannot be achieved, the auditor should consider whether this prevents the auditor from 
achieving the overall objectives of the auditor and thereby requires the auditor, in accordance 
with GAAS, to modify the auditor's opinion or withdraw from the engagement. 
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In certain audit engagements, the auditor may be required to comply with other auditing 
requirements in addition to GAAS. GAAS do not override laws or regulations that govern an audit 
of financial statements. The auditor may conduct the audit in accordance with both GAAS and: 


= auditing standards issued by the PCAOB; 

requirements of the Employee Retirement Income Security Act of 1974 (ERISA); 
International Standards on Auditing (ISAs); 

government auditing standards (GAGAS); or 


auditing standards of a specific jurisdiction or country. 


2.3. Reasonable Assurance and Inherent Limitations of an Audit 


In order to express an opinion, the auditor obtains reasonable assurance about whether the 
financial statements are free from material misstatement, whether due to error or fraud. 


Reasonable assurance is a high, but not absolute, level of assurance. In order to obtain 
reasonable assurance, the auditor must: 


1. plan the work and properly supervise any assistants; 

2. determine and apply appropriate materiality levels; 

3. identify and assess risks of material misstatement, whether due to fraud or error; and 
4. obtain sufficient appropriate audit evidence. 


The auditor is unable to obtain absolute assurance that the financial statements are free from 
material misstatement because of the following inherent limitations: 


= The Nature of Financial Reporting: Some financial statement items are subject to 
an inherent level of variability because they involve judgment by management or 
because they involve subjective decisions or assessments or a degree of uncertainty 
(e.g., accounting estimates). 


= The Nature of Audit Procedures: There are practical and legal limits on an auditor's ability 
to obtain audit evidence, including: 


e The possibility that management or others may not provide, intentionally or 
unintentionally, the complete information that is needed for the preparation and 
presentation of the financial statements or that is requested by the auditor. 


e Fraud may be concealed in such a way that it is difficult to detect with audit procedures. 


e An audit is neither an investigation into a wrongdoing nor does the auditor have specific 
legal powers. 


= Timeliness of Financial Reporting and the Balance Between Cost and Benefit: There is 
an expectation by users of financial statements that the auditor will form an opinion on the 
financial statements within a reasonable period of time and will achieve a balance between 
benefit and cost, recognizing that it is impracticable to address all information that may 
exist. Therefore, it is necessary for the auditor to: 


e — plan the audit so that it is performed effectively; 
e direct efforts to areas most expected to contain risks of material misstatement; and 
e use testing and other means of examining populations for misstatement. 
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3 Determine the Nature and Scope of the Engagement 


The following should be considered as the auditor, the audit committee, and management 
determine the appropriate nature and scope of the engagement: 


= An auditor may be hired to perform an audit for a single period or multiple periods. 


=m An audit may be on the complete financial statement; single financial statement; or specific 
elements, accounts, or items of a financial statement. 


=m Many audit firms are hired to perform tax services in addition to audit services. 


3.1  Nonissuers 


When auditing nonissuers, the auditor must determine if an audit is the most appropriate 
engagement, or whether a review, compilation, or preparation may be more appropriate. If an 
audit is needed, nonissuers have the choice of: 


= afinancial statement audit only (where one opinion is rendered on the fairness of the 
financial statements); or 


= anintegrated audit (where two opinions are rendered: one opinion on the fairness of the 
financial statements and one opinion on the operating effectiveness of internal controls 
over financial reporting). 


3.2 Issuers 


When auditing issuers, the auditor must perform an integrated audit of the client's financial 
statements and internal controls over financial reporting (covered later). 


4 Overall Objectives of Audit Engagements 


4.1 Objectives of the Financial Statement Audit 


The overall objectives of the auditor when conducting a financial statement audit (which apply to 
audits of issuers, nonissuers, and governmental entities) are: 


1. to obtain reasonable assurance about whether the financial statements as a whole are free 
from material misstatement, whether due to error or fraud, which enables the auditor to 
express an opinion on whether the financial statements are presented fairly, in all material 
respects, in accordance with an applicable financial reporting framework; and 


2. to report on the financial statements and communicate as required by GAAS based on the 
auditor's findings. 
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4.2 Objectives of the Audit of Internal Control Over Financial Reporting 


Issuers are required to have an integrated audit of financial statements and internal control over 
financial reporting. In some cases, nonissuers and governmental entities may also have an audit 
of internal control over financial reporting. The overall objectives of the auditor when conducting 
an audit of internal control over financial reporting are: 


1. Express an opinion on the effectiveness of the company's internal control over financial 
reporting; and 


2. Plan and perform the audit to obtain appropriate evidence that is sufficient to obtain 
reasonable assurance about whether material weaknesses exist as of the date specified in 
management's assessment. 


Audits of internal control over financial reporting must be integrated with an audit of the 
financial statements. 


4.3 Objectives of the ERISA Plan Financial Statements Audit 


The overall objectives of the auditor when conducting an ERISA plan financial statement audit are: 


= Accept an ERISA plan audit engagement when the basis upon which it is to be performed 
has been agreed upon through establishing whether the preconditions for the audit are 
present. 


= Appropriately plan and perform the audit of ERISA plan financial statements, including 
procedures required by this SAS on the certified investment information when management 
elects an ERISA Section 103(a)(3)(C) audit. 


= Forman opinion on the ERISA plan financial statements based on an evaluation of the audit 
evidence obtained, including evidence obtained about comparative financial statements. 


=m Express clearly the opinion on the ERISA plan financial statements through a written report. 


= Perform procedures and report on the presentation of the supplementary information in 
accordance with this SAS. 


= Appropriately communicate to management and those charged with governance reportable 
findings that the auditor has identified during the audit of the ERISA plan financial 
statements. 
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Forming an Audit Opinion 


1.‘ Forming an Opinion on the Financial Statements 


The auditor should form an opinion on whether the financial statements are presented fairly, in 
all material respects, in accordance with the applicable financial reporting framework. 


In order to form that opinion, the auditor should take into account the following: 
1. Whether sufficient appropriate audit evidence was obtained (as required by GAAS); 
2. Whether uncorrected misstatements are material, individually or in the aggregate; and 


3. Whether the financial statements are prepared, in all material respects, in accordance with 
the requirements of the applicable financial reporting framework (i.e., GAAP). 


Financial statements generally mean a complete set of general-purpose financial statements, 
including disclosures. The applicable financial reporting framework determines the form and 
content of a complete set of financial statements. For example, under U.S. GAAP a complete 
set of financial statements includes a balance sheet, a statement of income (or comprehensive 
income), a statement of changes in equity, a cash flow statement, and disclosures. 


When forming the opinion, the auditor should evaluate whether, based on the applicable 
financial reporting framework: 


= The financial statements adequately disclose the significant accounting policies selected and 
applied, including a description of the applicable financial reporting framework. 


=m The accounting policies selected and applied are consistent with the applicable financial 
reporting framework and are appropriate. 


=m The accounting estimates and related disclosures made by management are reasonable. 


= The information presented in the financial statements is relevant, reliable, comparable, 
and understandable. 


= The financial statements provide adequate disclosures to enable the intended users to 
understand the effect of material transactions and events on the information conveyed in 
the financial statements. 


=m The terminology used in the financial statements, including the title of each financial 
statement, is appropriate. 


=m The overall structure and content of the financial statements is fairly presented. 


= The financial statements, including disclosures, represent the underlying transactions and 
events in a manner that achieves fair presentation. 
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Va Pass Key 


The auditor refers to generally accepted auditing standards (GAAS) for guidelines on how to 
perform the audit (e.g., inventory count should be observed by the auditor). 


The auditor refers to the financial reporting framework (e.g., U.S. GAAP) to evaluate whether 
the transactions are recorded and reported fairly in the financial statements (e.g., land should 
not be depreciated). 


2 ‘Types of Opinions 


inancial Statement, 
materially Corre} 


Materiality of Issue 


2.1 Unmodified (Unqualified) Opinion 


An unmodified (unqualified) opinion states that the financial statements present fairly, in all 
material respects, the financial position, results of operations, and cash flows of the entity in 
conformity with the applicable financial reporting framework. Note that unmodified is the term 
used for nonissuers and unqualified is the term used for issuers. 


In certain circumstances, the auditor may determine that it is necessary to add additional 
communications to the auditor's report without modifying the auditor's opinion. This is done 
using emphasis-of-matter, other-matter, and explanatory paragraphs. Nonissuers use the terms 
emphasis-of-matter and other-matter, and issuers use the term explanatory. 
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2.2 Modifications to the Auditor's Opinion 
The auditor's report should be modified when: 


1. the auditor concludes that the financial statements as a whole are materially misstated 
(financial statement issue); or 


2. the auditor is unable to obtain sufficient appropriate audit evidence to conclude that the 
financial statements as a whole are free from material misstatement (audit issue). 


2.2.1 Types of Modified Opinions 


There are three types of modified opinions: the qualified opinion, the adverse opinion, and the 
disclaimer of opinion. 


= Qualified Opinion: A qualified opinion states that except for the effects of the matter(s) 
to which the qualification relates, the financial statements present fairly, in all material 
respects, the financial position, results of operations, and cash flows of the entity in 
conformity with the applicable financial reporting framework. 


= Adverse Opinion: An adverse opinion states that the financial statements do not present 
fairly the financial position, results of operations, or cash flows of the entity in conformity 
with the applicable financial reporting framework. 


= Disclaimer of Opinion: A disclaimer of opinion states that the auditor does not express an 
opinion on the financial statements. 


Ve Pass Key 


When the auditor expresses an adverse opinion or a disclaimer of opinion on the complete 
financial statements (i.e., balance sheet, statement of income, statement of changes in 
equity, statement of cash flows, and disclosures), the auditor's report should not also 
include an unmodified (unqualified) opinion on a single financial statement (e.g., the 
statement of cash flows) or one or more specific elements, accounts, or items of a financial 
statement. Issuing such an unmodified (unqualified) opinion in these circumstances 

would contradict the adverse opinion or the disclaimer of opinion on the complete 
financial statements. 


2.2.2 Brief Summary of When to Use Different Opinions 


The chart below summarizes when to use different opinions. 


Financial Statements Inability to Obtain Sufficient 
Are Materially Misstated Appropriate Audit Evidence 
Materiality of Problem (Financial Statement Issues) (Audit Issues) 
None or immaterial Unmodified (unqualified) Unmodified (unqualified) 
Material but not pervasive Qualified opinion Qualified opinion 
Material and pervasive Adverse opinion Disclaimer of opinion 
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2.2.3 Definition of Pervasive 


Pervasive effects on the financial statements are those which in the auditor's 
professional judgment: 


=™ are not confined to specific elements, accounts, or items of the financial statements; 
= ifso confined, represent a substantial proportion of the financial statements; or 


=™ are disclosures fundamental to the users' understanding of the financial statements. 
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Unmodified (Unqualified) 
Opinion 


Unmodified Audit Opinion (Nonissuers) 


The auditor of a nonissuer should express an unmodified opinion when the auditor concludes 
that the financial statements are presented fairly, in all material respects, in accordance with the 
applicable financial reporting framework. The auditor's report should be in writing. Note that 
nonissuers use the term unmodified and issuers use the term unqualified. 


1.1 


Contents of the Audit Report 


The basic elements of the unmodified audit opinion are the following: 


Independent Auditor Report 


Title Title clearly indicates that it is a report of an independent auditor. 
Addressee The report is addressed as required by the circumstances of the engagement. 
Auditor's The auditor's report should include a section with the heading "Opinion" that includes: 
Opinion © The entity whose financial statements have been audited. 
© Astatement that the financial statements have been audited. 
© The title of each statement that the financial statements comprise and reference to the notes. 
© The dates or periods covered by each financial statement that the financial statements 
comprise. 
© Astatement that in the auditor's opinion, the accompanying financial statements present 
fairly, in all material respects, the financial position of the entity as of the balance sheet 
date and the results of operations and its cash flows for the period then ended, in 
accordance with the applicable financial reporting framework. 
© Identification of the applicable financial reporting framework and its origin. 
Basis for The auditor's report should include a section with the heading "Basis for Opinion" that includes: 
Opinion e Astatement that the audit was conducted in accordance with generally accepted auditing 
standards and identifies the United States of America as the country of origin of those 
standards (GAAS). 
© Areference to the section of the auditor's report that describes auditor responsibilities 
under GAAS. 
© Astatement that the auditor is required to be independent and to meet other relevant 
ethical requirements. 
e Astatement as to whether the auditor believes that the evidence obtained is sufficient and 
appropriate to provide a basis for the auditor's opinion. 
Substantial When relevant, the auditor should include a separate section in the auditor's report with the 
Doubt About heading "Substantial Doubt About the Entity's Ability to Continue as a Going Concern" that: 
the Entity's © Draws attention to the note in the financial statements that discloses the conditions or 
Ability to events identified, management's plans to deal with the conditions or events, and states 
Continue as a that they indicate that substantial doubt exists about the entity's ability to continue as a 
Going Concern going concern for a reasonable period of time. 
(When Relevant) : ee we : 
© States that the auditor's opinion is not modified with respect to the matter. 
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Key Audit 
Matters (When 
Engaged) 


When engaged to communicate key auditor matters, the auditor should describe each key 
audit matter, using an appropriate subheading, in a separate section in the auditor's report 
with the heading "Key Audit Matters." The introductory language should state: 


© Key audit matters are those matters that were communicated with those charged with 
governance and, in the auditor's professional judgment, were of most significance in the 
audit of the financial statements in the current period. 


© These matters were addressed in the context of the audit of the financial statements as a 
whole, and in forming the auditor's opinion thereon, and the auditor does not provide a 
separate opinion on these matters. 


The description of each key audit matter should include a reference to the related disclosures, 
if any, in the financial statements, and should address the following: 


© Why the matter was considered to be one of the most significant in the audit. 
© How the matter was addressed in the audit. 


The auditor should not communicate a matter in this section of the auditor's report when the 
auditor would be required to modify the opinion as a result of the matter. 


Responsibilities 
of Management 
for the Financial 
Statements 


The auditor's report should include a section with the heading "Responsibilities of 
Management for the Financial Statements" that includes: 


© Anexplanation that management is responsible for the preparation and fair presentation 
of the financial statements in accordance with the applicable financial reporting framework. 


© Astatement that this responsibility includes the design, implementation, and maintenance 
of internal control relevant to the preparation and fair presentation of financial statements 
that are free from material misstatement, whether due to fraud or error. 


© When required, the evaluation of whether there are conditions or events that raise 
substantial doubt about the entity's ability to continue as a going concern. 


Auditor's 
Responsibilities 
for the Audit of 
the Financial 
Statements 


The auditor's report should include a section with the heading "Auditor's Responsibilities for 
the Audit of the Financial Statements" that includes: 


© Astatement that the objectives of the auditor are to obtain reasonable assurance about 
whether the financial statements are free from material misstatement, whether due to 
error or fraud, and to issue an auditor's report that includes the auditor's opinion. 


© Astatement that reasonable assurance is a high level of assurance but is not absolute 
assurance and, therefore, is not a guarantee a material misstatement will always be 
detected when it exists. 


e Astatement that the risk of not detecting a material misstatement resulting from fraud is 
higher than one resulting from error, as fraud may involve collusion, forgery, intentional 
omissions, misrepresentations, or the override of internal control. 


e Astatement that misstatements are considered material if there is a substantial likelihood, 
individually or in the aggregate, they would influence the judgement made by a reasonable 
user based on the financial statements. 


© Adescription of the audit that states the auditor's responsibilities are to: 
— Exercise professional judgment and maintain professional skepticism. 


—Identify and assess the risk of material misstatement of the financial statements, 
whether due to error or fraud, and design and perform audit procedures responsive to 
those risks. 


— Obtain an understanding of internal control relevant to the audit in order to design 
audit procedures that are appropriate in the circumstances, but not for the purpose of 
expressing an opinion on the effectiveness of the entity's internal control, and accordingly, 
no such opinion is expressed. (The italicized portion of this statement should be omitted 
if the auditor does have a responsibility to express an opinion on the effectiveness of 
internal control in conjunction with the audit of financial statements.) 
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Auditor's 
Responsibilities 
for the Audit of 
the Financial 
Statements 


(continued) 


— Evaluate the appropriateness of the accounting policies used and the reasonableness of 
significant accounting estimates made by management, as well as evaluating the overall 
presentation of the financial statements. 


— Conclude whether, in the auditor's judgment, there are conditions or events that 
raise substantial doubt about the entity's ability to continue as a going concern for a 
reasonable period of time. 


A statement that the auditor is required to communicate with those charged with governance 
regarding, among other matters, the planned scope and timing of the audit, significant audit 
findings, and certain internal control-related matters identified during the audit. 


Other 
Information 
(When 
Relevant) 


Other 
Reporting 
Responsibilities 


When relevant, the auditor's report should include a separate section with the heading "Other 
Information" including: 


© Astatement that management is responsible for the other information. 


© Anidentification of the other information and a statement that the other information does 
not include the financial statements and auditor's report thereon. 


© Astatement that the auditor's opinion does not cover the other information and the 
auditor does not express any opinion or form of assurance thereon. 


e Astatement that the auditor is responsible to read the other information and consider 
whether a material inconsistency exists between the other information and the financial 
statements, or the other information otherwise appears to be materially misstated. 


© Astatement that if, based on the work performed, the auditor concludes that an 
uncorrected material misstatement of the other information exists, the auditor is required 
to describe it in the auditor's report. 


© \fthe auditor has concluded that an uncorrected material misstatement of the other 
information exists, a statement that the auditor has concluded that an uncorrected material 
misstatement of the other information exists and a description of it in the auditor's report. 


If the auditor addresses other reporting responsibilities in the auditor's report in addition 
to GAAS, these other reporting responsibilities should be addressed in a separate section 
of the auditor's report subtitled "Report on Other Legal and Regulatory Responsibilities," or 
otherwise as appropriate. 


If the audit report contains a separate section on other reporting responsibilities, the other 
sections of the audit report already described should be under the subtitle "Report on the 
Audit of the Financial Statements." The "Report on Other Legal and Regulatory Requirements" 
should follow the "Report on the Audit of the Financial Statements." 


Signature of 


The auditor's report should include the manual or printed signature of the auditor's firm. 


the Auditor 

Auditor's The auditor's report should name the city and state where the auditor's report is issued. 
Address 

Date of the The auditor's report should be dated no earlier than the date on which the auditor has 
Auditor's obtained sufficient appropriate audit evidence on which to base the auditor's opinion on the 
Report financial statements, including evidence that: 


© allthe financial statements, including the related notes, have been prepared; and 


® management has asserted that it has taken responsibility for those financial statements. 


The auditor's report date shows the final date of auditor responsibility. For comparative 
financial statements, the audit report date for the most recent audit should be used. 
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1.1.1 Sample Report: Unmodified Opinion Excluding Communication 
of Key Audit Matters (Nonissuer) 


Independent Auditor's Report 
[Appropriate Addressee] 
Report on the Audit of Financial Statements’ 
Opinion 


We have audited the financial statements of ABC Company, which comprise the balance 
sheets as of December 31, 20X1 and 20X0, and the related statements of income, changes 
in stockholders' equity, and cash flows for the years then ended, and the related notes to 
the financial statements. 


In our opinion, the accompanying financial statements present fairly, in all material 
respects, the financial position of ABC Company as of December 31, 20X1 and 20X0, and 
the results of its operations and its cash flows for the years then ended in accordance with 
accounting principles generally accepted in the United States of America. 


Basis for Opinion 


We conducted our audits in accordance with auditing standards generally accepted in the 
United States of America (GAAS). Our responsibilities under those standards are further 
described in the Auditor's Responsibilities for the Audit of the Financial Statements section 
of our report. We are required to be independent of ABC Company and to meet our other 
ethical responsibilities, in accordance with the relevant ethical requirements relating to our 
audits. We believe that the audit evidence we have obtained is sufficient and appropriate to 
provide a basis for our audit opinion. 


Responsibilities of Management for the Financial Statements 


Management is responsible for the preparation and fair presentation of the financial 
statements in accordance with accounting principles generally accepted in the United 
States of America, and for the design, implementation, and maintenance of internal control 
relevant to the preparation and fair presentation of financial statements that are free from 
material misstatement, whether due to fraud or error. 


In preparing the financial statements, management is required to evaluate whether there 
are conditions or events, considered in the aggregate, that raise substantial doubt about 
ABC Company's ability to continue as a going concern for [insert the time period set by the 
applicable financial reporting framework]. 


Auditor's Responsibilities for the Audit of the Financial Statements 


Our objectives are to obtain reasonable assurance about whether the financial statements 
as a whole are free from material misstatement, whether due to fraud or error, and to 
issue an auditor's report that includes our opinion. Reasonable assurance is a high level 

of assurance but is not absolute assurance and therefore is not a guarantee that an audit 
conducted in accordance with GAAS will always detect a material misstatement when it 
exists. The risk of not detecting a material misstatement resulting from fraud is higher than 
for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, 
misrepresentations, or the override of internal control. Misstatements are considered 
material if there is a substantial likelihood that, individually or in the aggregate, they would 
influence the judgment made by a reasonable user based on the financial statements. 


(continued) 
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(continued) 


In performing an audit in accordance with GAAS, we: 
© Exercise professional judgment and maintain professional skepticism throughout the audit. 


© Identify and assess the risks of material misstatement of the financial statements, 
whether due to fraud or error, and design and perform audit procedures responsive to 
those risks. Such procedures include examining, on a test basis, evidence regarding the 
amounts and disclosures in the financial statements. 


© Obtain an understanding of internal control relevant to the audit in order to design 
audit procedures that are appropriate in the circumstances, but not for the purpose 
of expressing an opinion on the effectiveness of ABC Company's internal control. 
Accordingly, no such opinion is expressed.” 


© Evaluate the appropriateness of accounting policies used and the reasonableness of 
significant accounting estimates made by management, as well as evaluate the overall 
presentation of the financial statements. 


® Conclude whether, in our judgment, there are conditions or events, considered in the 
aggregate, that raise substantial doubt about ABC Company's ability to continue as a 
going concern for a reasonable period of time. 


We are required to communicate with those charged with governance regarding, among 
other matters, the planned scope and timing of the audit, significant audit findings, and 
certain internal control-related matters that we identified during the audit. 


Other Information [Included in the Annual Report] 


Management is responsible for the other information [included in the annual report]. The 
other information comprises the [information included in the annual report] but does not 
include the financial statements and our auditor's report thereon. Our opinion on the 
financial statements does not cover the other information, and we do not express an 
opinion or any form of assurance thereon. 


In connection with our audit of the financial statements, our responsibility is to read the 

other information and consider whether a material inconsistency exists between the other 
information and the financial statements, or the other information otherwise appears to be 
materially misstated. If, based on the work performed, we conclude that an uncorrected material 
misstatement of the other information exists, we are required to describe it in our report. 


Report on Other Legal and Regulatory Requirements 


[The form and content of this section of the auditor's report would vary depending on the nature 
of the auditor's other reporting responsibilities. ] 


[Signature of the auditor's firm] 

[City and state where the auditor's report is issued] 

[Date of the auditor's report] 

'The subtitle, "Report on the Audit of the Financial Statements," is unnecessary in 


circumstances in which the second subtitle, "Report on Other Legal and Regulatory 
Requirements," is not applicable. 


? In circumstances in which the auditor also has a responsibility to express an opinion on the 
effectiveness of internal control in conjunction with the audit of the financial statements, 
omit the following: "but not for the purpose of expressing an opinion on the effectiveness 
of ABC Company's internal control. Accordingly, no such opinion is expressed." 
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1.2 Reference to Auditing Standards in the Auditor's Report 


1.2.1 Audits in Accordance With Two Sets of Standards 


If the audit was conducted in accordance with two sets of auditing standards in their 

entirety, the auditor may indicate that the audit was conducted in accordance with another 

set of auditing standards (e.g., International Standards on Auditing or government auditing 
standards). Additional language should be added to the basis for opinion paragraph to describe 
this situation: 


We conducted our audits in accordance with auditing standards generally accepted in 
the United States of America (GAAS) and in accordance with International Standards on 
Auditing (ISAs). Our responsibilities under those standards are further described in the 
Auditor's Responsibilities for the Audit of the Financial Statements section of our report. 


1.2.2. Audits in Accordance With GAAS and PCAOB Standards 


When conducting an audit of financial statements in accordance with the standards of the 
PCAOB and the audit is not required to be conducted in accordance with those standards, the 
auditor is required to also follow GAAS. In addition, the auditor should: 


m Use the report required by the PCAOB. 


m= Amend the PCAOB (issuer) report to state the audit was also conducted in accordance 
with GAAS. 


Vee Pass Key 


When the examiners require CPA candidates to respond to questions concerning the 
unmodified audit opinion (nonissuer), you must remember: 


Basis for opinion and auditor's 
responsibilities paragraphs 


GAAP (U.S. or other applicable Management's responsibility 
financial reporting framework) * and opinion paragraphs 


GAAS —— 


1.3. Key Audit Matters 


1.3.1 Definition and Identification 


Key audit matters (KAMs) are those matters that were of most significance in the audit of 

the financial statements of the current period. Such matters are selected from the matters 
communicated with those charged with governance. Entities (nonissuers) have the option of 
whether to engage the auditor to communicate key audit matters but should consider the needs 
of the users of the financial statements when making this determination. 
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When deciding which matters, if any, should be communicated as KAMs, the auditor should 
consider the items that required significant auditor attention and consider the following: 


™ areas with a higher assessed risk of material misstatement; 


™ areas requiring significant auditor and management judgment, including accounting 
estimates subject to a high degree of estimation uncertainty; and 


= significant events or transactions. 


The determination of which matters to include as a KAM is ultimately a matter of professional 
judgment. The auditor may focus his or her consideration on areas that are complex or subjective, 
contain uncorrected misstatements or control deficiencies, required the attention of specialists, or 
where the auditor encountered difficulties in applying procedures or evaluating results. 


1.3.2 Reporting KAMs in the Auditor's Report 


When the auditor is engaged to communicate key audit matters, a description of each matter 
must be included in a separate section of the auditor's report. The following language, including 
the section title "Key Audit Matters", should be included in the auditor's report in proximity of 
the "Opinion" and "Basis for Opinion" sections: 


Key Audit Matters 


Key audit matters are those matters that were communicated with those charged with 
governance and, in our professional judgment, were of most significance in our audit of the 
financial statements of the current period. These matters were addressed in the context of 
our audit of the financial statements as a whole, and in forming our opinion thereon, and 
we do not provide a separate opinion on these matters. 


[Description of each key audit matter] 


Each key audit matter should include a description of why the matter was of most significance 
and how the matter was addressed in the audit of the financial statements. 


If the auditor is engaged to communicate key audit matters, but determines, based on the facts 
and circumstances of the audit, that there are no items to communicate, a statement to this 
effect should be included in the auditor's report under the subheading "Key Audit Matters." 


1.3.3. Other Reporting Considerations for KAMs 


= The order of presentation and the adequacy of the description of each KAM is a matter of 
professional judgment. Each description is meant to enable intended users to understand 
the nature of and response to the matter and may include details such as an overview of 
procedures performed and related outcomes and observations. 


= The auditor should describe each key audit matter in the auditor's report unless law or 
regulation precludes disclosure of the matter or, in rare circumstances, when the auditor 
determines that the adverse consequence of doing so outweighs the public interest benefits 
of such communication. 


= Matters giving rise to a qualified opinion or when substantial doubt exists about an entity's 
ability to continue as a going concern for a reasonable period of time are by nature key 
audit matters, however, such matters should not be included in the "Key Audit Matters" 
section of the report but rather reference should be made to the "Basis for Opinion" or 
"Going Concern" section for further explanation. 


= Auditors are prohibited from communicating key audit matters when the auditor expresses an 
adverse opinion or disclaims an opinion unless such reporting is required by law or regulation. 
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1.3.4 Documentation of KAMs 


Audit documentation should include a description of the matters that required significant auditor 
attention and the rationale for the auditor's determination about whether each matter was considered 
a key audit matter. When applicable, documentation should also include the rationale for the following: 


= the auditor's determination that there were no key audit matters; or 


= the auditor's decision not to communicate a matter determined to be a key audit matter. 
2 Unqualified Audit Opinion (Issuers) 


The auditor of an issuer should express an unqualified opinion when the auditor concludes that 
the financial statements are presented fairly, in all material respects, in accordance with the 
applicable financial reporting framework (e.g., generally accepted accounting principles). The 
report should be in writing. 


2.1 Contents of the Audit Report 
The basic elements of the unqualified audit opinion are the following: 


Unqualified Opinion: Issuer 


Title The report must include the title, "Report of Independent Registered Public 
Accounting Firm." 


Addressee The report must be addressed to the shareholders and the board of directors. It 
generally is not addressed to management. 

Opinion The first section of the auditor's report must include the section title, "Opinion on the 

Section Financial Statements," and the following elements. 


© The name of the company whose financial statements were audited. 


e Astatement identifying each financial statement and any related schedule that has 
been audited. 


© The date of, or period covered by, each financial statement and related schedule 
identified in the report. 


e Astatement indicating that the financial statements were audited. 


e An opinion that the financial statements present fairly, in all material respects, 
the financial position of the company as of the balance sheet date and the results 
of its operations and its cash flows for the period then ended in conformity with 
the applicable financial reporting framework. The opinion should also include an 
identification of the applicable financial reporting framework (e.g., GAAP). 
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Basis for The Basis for Opinion section contains the following: 

Opinion . . ae 

gaan e Astatement that the financial statements are the responsibility of the company's 
management. 

e Astatement that the auditor's responsibility is to express an opinion on the financial 
statements based on the audit. 

e Astatement that the auditor is a public accounting firm registered with the PCAOB 
(United States) and is required to be independent with respect to the company 
in accordance with the U.S. federal securities laws and the applicable rules and 
regulations of the SEC and the PCAOB. 

e Astatement that the audit was conducted in accordance with the standards of 
the PCAOB. 

e Astatement that PCAOB standards require that the auditor plan and perform the 
audit to obtain reasonable assurance about whether the financial statements are 
free of material misstatement, whether due to error or fraud. 

e Astatement that the audit included: 

— performing procedures to assess the risks of material misstatement of the 
financial statements, whether due to error or fraud, and performing procedures 
that respond to those risks; 

—examining, on a test basis, evidence regarding the amounts and disclosures in the 
financial statements; 

— evaluating the accounting principles used and significant estimates made by 
management; and 

— evaluating the overall presentation of the financial statements. 

e Astatement that the auditor believes the audit provides a reasonable basis for the 
auditor's opinion. 

Critical Audit The auditor's report must include the section entitled "Critical Audit Matters" and should 

Matters include discussion of any critical audit matters (CAMs) arising from the current period's audit 
of the financial statements, or state that the auditor determined that there were no CAMs. 

Signature, The audit report must include: 

Tenure, © The signature of the audit firm. 

Location _ ; ; ; 

e Astatement containing the year the auditor began serving consecutively as the 
company's auditor. 

© The city and state (or country) from which the report was issued. 

Report Date The date of the audit report must be included in the report. 

© The report should be dated on or after the date on which appropriate audit 
evidence, sufficient to support the opinion, has been obtained. Sufficient appropriate 
audit evidence includes evidence that: 

—audit documentation has been reviewed; 

—financial statements have been prepared; and 

— management has taken responsibility for the financial statements. 

© The report date shows the final date of the auditor's responsibility. 

© For comparative statements, the date appropriate for the most recent audit should 
be used. 
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2.1.1 Sample Report: Unqualified Opinion (Issuer) 


Report of Independent Registered Public Accounting Firm 
To the shareholders and the board of directors of X Company: 
Opinion on the Financial Statements 


We have audited the accompanying balance sheets of X Company (the "Company") as of 
December 31, 20X2 and 20X1, the related statements of income, comprehensive income, 
stockholders equity, and cash flows for each of the years then ended, and the related notes 
and schedules (collectively referred to as the "financial statements"). In our opinion, the 
financial statements present fairly, in all material respects, the financial position of the 
Company as of December 31, 20X2 and 20X1, and the results of its operations and its cash 
flows for the years then ended, in conformity with accounting principles generally accepted 
in the United States of America. 


Basis for Opinion 


These financial statements are the responsibility of the Company's management. Our 
responsibility is to express an opinion on the Company's financial statements based on 
our audits. We are a public accounting firm registered with the Public Company Accounting 
Oversight Board (United States) (PCAOB) and are required to be independent with respect 
to the Company in accordance with the U.S. federal securities laws and the applicable rules 
and regulations of the Securities and Exchange Commission and the PCAOB. 


We conducted our audits in accordance with the standards of the PCAOB. Those standards 
require that we plan and perform the audit to obtain reasonable assurance about whether 
the financial statements are free of material misstatement, whether due to error or fraud. 
Our audits included performing procedures to assess the risks of material misstatement 

of the financial statements, whether due to error or fraud, and performing procedures 

that respond to those risks. Such procedures included examining, on a test basis, evidence 
regarding the amounts and disclosures in the financial statements. Our audits also included 
evaluating the accounting principles used and significant estimates made by management, 
as well as evaluating the overall presentation of the financial statements. We believe that 
our audits provide a reasonable basis for our opinion. 


Critical Audit Matters 


The critical audit matters communicated below are matters arising from the current period 
audit of the financial statements that were communicated or required to be communicated 
to the audit committee and that: (1) relate to accounts or disclosures that are material to 
the financial statements and (2) involved our especially challenging, subjective, or complex 
judgments. The communication of critical audit matters does not alter in any way our 
opinion on the financial statements, taken as a whole, and we are not, by communicating 
the critical audit matters below, providing separate opinions on the critical audit matters or 
on the accounts or disclosures to which they relate. 


[Include critical audit matters] 


[Signature] 

We have served as the Company's auditor since [year]. 
[City and state or country] 

[Date] 
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2.1.2 Critical Audit Matters (CAMs): Definition and Identification 


The auditor's report must include any critical audit matters (CAMs) arising from the current 
period's audit of the financial statements, or state that the auditor determined that there were 
no CAMS. It is expected that, in most audits, the auditor would identify at least one CAM. 


A critical audit matter is defined as a matter that was communicated or required to be 
communicated to the audit committee and that: 


1. relates to accounts or disclosures that are material to the financial statements; and 
2. involved especially challenging, subjective, or complex auditor judgment. 


When determining whether a matter involved especially challenging, subjective, or complex 
auditor judgment, the auditor takes into account certain factors, including the auditor's 
assessment of the risks of material misstatement, areas of significant judgment or estimation by 
management, nature and timing of unusual transactions, the degree of subjectivity in applying 
audit procedures, and the extent of specialized skill or knowledge regarding a matter. 

2.1.3 Reporting Language if CAMs Are Identified 


The following language, including the section title "Critical Audit Matters," should precede critical 
audit matters communicated in the auditor's report: 


Critical Audit Matters 


The critical audit matters communicated below are matters arising from the current period 
audit of the financial statements that were communicated or required to be communicated 
to the audit committee and that: (1) relate to accounts or disclosures that are material to 
the financial statements and (2) involved our especially challenging, subjective, or complex 
judgments. The communication of critical audit matters does not alter in any way our 
opinion on the financial statements, taken as a whole, and we are not, by communicating 
the critical audit matters below, providing separate opinions on the critical audit matters or 
on the accounts or disclosures to which they relate. 


[Include critical audit matters] 


For each CAM identified, the audit report should include: 
= identification of the CAM; 


= description of the principal considerations that led the auditor to determine that the matter 
was a CAM; 


= description of how the CAM was addressed in the audit; and 


= reference to the relevant financial statement accounts or disclosures. 


Vas Pass Key 


For each CAM, make sure you Identify it on a PAD of paper. 
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2.1.4 Reporting Language if No CAMs Are Identified 


In situations in which the auditor determines that there are no critical audit matters, the auditor 
should include the following language, including the section title "Critical Audit Matters," in the 
auditor's report: 


Critical Audit Matters 


Critical audit matters are matters arising from the current period audit of the financial 
statements that were communicated or required to be communicated to the audit 
committee and that: (1) relate to accounts or disclosures that are material to the financial 
statements and (2) involved our especially challenging, subjective, or complex judgments. 
We determined that there are no critical audit matters. 


2.1.5 Other Reporting Requirements for CAMs 


=m Language that could be viewed as disclaiming, qualifying, restricting, or minimizing the 
auditor's responsibility for the critical audit matters or the auditor's opinion on the financial 
statements is not appropriate and may not be used. 


m= When describing critical audit matters in the auditor's report, the auditor is not expected to 
provide information about the company that has not been made publicly available by the 
company unless such information is necessary to describe the principal considerations that 
led the auditor to determine that a matter is a critical audit matter or how the matter was 
addressed in the audit. 


m= When the current period's financial statements are presented on a comparative basis with 
those of one or more prior periods, the auditor may communicate critical audit matters 
relating to a prior period. This may be appropriate, for example, when (1) the prior period's 
financial statements are made public for the first time, such as in an initial public offering, 
or (2) issuing an auditor's report on the prior period's financial statements because the 
previously issued auditor's report could no longer be relied upon. 


= Communication of critical audit matters is not required for audits of (1) brokers and dealers 
reporting under Exchange Act Rule 17a-5; (2) investment companies registered under the 
Investment Company Act of 1940 ("Investment Company Act"), other than companies that 
have elected to be regulated as business development companies; (3) employee stock 
purchase, savings, and similar plans; and (4) emerging growth companies. 


2.1.6 Documentation of CAMs 

For each matter arising from the audit of the financial statements that: 

1. was communicated or required to be communicated to the audit committee; and 
2. relates to accounts or disclosures that are material to the financial statements, 


the auditor must document whether the matter was determined to be a CAM and the basis for 
such determination. 
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2.1.7 Management Reports on Internal Control Over Financial Reporting 
(Issuer Only) 


When management is required to report on the company's internal control over financial 
reporting but such report is not required to be audited, and the auditor has not been engaged 
to perform an audit of management's assessment of the effectiveness of internal control over 
financial reporting, the auditor must include statements in the auditor's report in the Basis for 
Opinion section that: 


=m The company is not required to have, nor was the auditor engaged to perform, an audit of 
its internal control over financial reporting; 


= As part of the audit, the auditor is required to obtain an understanding of internal 
control over financial reporting but not for the purpose of expressing an opinion on the 
effectiveness of the company's internal control over financial reporting; and 


=m The auditor expresses no such opinion. 


Note: Most issuers are required to have an integrated audit, which means that an additional 
opinion is rendered on the operating effectiveness of internal control. 


ve Pass Key 


When the examiners require CPA candidates to respond to questions concerning the 
unqualified audit opinion (issuer), you must remember: 


PCAOB Auditing Standards —_——————~. Basis for Opinion section 


GAAP (U.S. or other applicable Opinion on the Financial 
financial reporting framework) Statements section 


3° Required Auditor Reporting of Certain Audit Participants 


3.1 Filing of Form AP 


The auditor of an issuer must file Form AP with the PCAOB for each audit report issued. This 
form includes information about the audit, such as: 


= Name of the firm. 
Name of the issuer whose financial statements are audited. 
Date of the audit report. 


The end date of the most recent period's financial statements identified in the audit report. 


The name of the engagement partner on the most recent period's audit and his or her 
current and prior ID number(s). 
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The city and state (or city and country) of the office of the firm issuing the audit report. 
Whether the audit report is dual-dated. 


Whether other accounting firms participated in the audit. 


Whether the firm divided responsibility for the audit. 
= Signature of partner or authorized officer. 


Form AP must be filed by the 35th day after the audit report is first filed in a document with the 
SEC or within 10 days if the audit report is included in a registration statement. 


3.2 Optional Inclusions 


Although not required, the auditor of an issuer may elect to include in the auditor's report 
information regarding the engagement partner and/or other accounting firms participating in 
the audit. 


If the auditor decides to provide information about the engagement partner, other accounting 
firms participating in the audit, or both, the auditor must disclose the following: 


m The engagement partner's full name; and/or 


= For other accounting firms participating in the audit, a statement that the auditor is responsible 
for the audits or audit procedures performed by the other public accounting firms and has 
supervised or performed procedures to assume responsibility for their work in accordance 
with PCAOB standards. In addition, the auditor should include information regarding the 
percentage of total audit hours the other audit firm participated in the audit. 
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1 Financial Statement Issues: Qualified or Adverse Opinion 


jnancial Statemenf, 
Materially Correcy 


Unmodified 
(Unqualified) 


2 
J 
2 
Ro 
= Qualified 
S 
z 


Disclaimer 


Materiality of Issue 


1.1 Qualified Opinion vs. Adverse Opinion 


The auditor uses professional judgment to determine whether to issue a qualified opinion or 


an adverse opinion when audit evidence indicates that there is material misstatement of the 
financial statements. 


Financial Statements Inability to Obtain Sufficient 
Are Materially Misstated Appropriate Audit Evidence 
Materiality of Problem (Financial Statement Issues) (Audit Issues) 
None or immaterial Unmodified (unqualified) Unmodified (unqualified) 
Material but not pervasive Qualified opinion Qualified opinion 
Material and pervasive Adverse opinion Disclaimer of opinion 


A qualified opinion should be expressed when the auditor concludes that misstatements, 
individually or in the aggregate, are material but not pervasive to the financial statements. 


An adverse opinion should be expressed when the auditor concludes that misstatements, 
individually or in the aggregate, are both material and pervasive to the financial statements. 
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1.2 Nature of Material Misstatements 


A material misstatement of the financial statements may arise in relation to the following: 
=m The appropriateness of accounting policies. 
=m The application of accounting policies. 


= The appropriateness of the financial statement presentation or the appropriateness or 
adequacy of disclosures in the financial statements. 


1.2.1 Appropriateness of Accounting Policies 
Material misstatements related to the appropriateness of accounting policies may arise when: 
1. accounting policies are not in accordance with the applicable financial reporting framework; 


2. the financial statements do not represent the underlying transactions and events ina 
manner that achieves fair presentation; or 


3. the entity has not complied with the financial reporting framework requirements for 
accounting for and disclosing changes in accounting policies. 


1.2.2 Application of Accounting Policies 
Material misstatements related to the application of accounting policies may arise when: 


1. management has not applied accounting policies in accordance with the applicable financial 
reporting framework (e.g., expensing rather than capitalizing an asset); 


2. management has not applied accounting policies consistently between periods or to similar 
transactions and events; or 


3. there is an error in the application of an accounting policy. 


1.2.3. Appropriateness of Financial Statement Presentation or Disclosures 


Material misstatements related to the appropriateness of financial statement presentation or 
the appropriateness or adequacy of disclosures may arise when: 


1. the financial statements do not include all required disclosures; 


2. the disclosures are not presented in accordance with the applicable financial 
reporting framework; 


3. the financial statements do not provide the disclosures needed to achieve fair 
presentation; or 


4. information that is required to be presented, such as a statement of cash flows, has not 
been included or disclosed in the financial statements. 


Pass Key 


If a company issues financial statements that purport to present financial position and 
results of operations but omits the related statement of cash flows, the auditor will 
normally conclude that the omission requires a qualified opinion. 
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2  Nonissuer Reports 


2.1. Form and Content of Auditor's Report (Nonissuers) 


When the auditor expresses a qualified or adverse opinion due to material misstatement of the 
financial statements, the auditor's report will include a modified "Basis for Opinion" section and 
a "Qualified Opinion" or "Adverse Opinion" section, as appropriate. 


2.1.1 Qualified Opinion 


Qualified Opinion Due to Material Misstatement 


of Financial Statements: Nonissuer 


Title Same as standard nonissuer report. 
Addressee Same as Standard nonissuer report. 
Qualified Opinion The auditor's report should include a section with the heading "Qualified 


Opinion" and the section should be modified to state that, in the auditor's 
opinion, except for the effects of the matters described in the "Basis for 
Qualified Opinion" section of the auditor's report, the financial statements are 
fairly presented. 


Basis for Qualified The auditor's report should include a section with the heading "Basis 

Opinion for Qualified Opinion" and the section should be amended to include a 
description of the matter giving rise to the modification. 

Responsibilities of Same as standard nonissuer report. 

Management for the 


Financial Statements 


Auditor's Responsibilities | Same as standard nonissuer report. 
for the Audit of the 
Financial Statements 


Other Reporting Same as standard nonissuer report. 
Responsibilities 


Signature of the Auditor | Same as standard nonissuer report. 


Auditor's Address Same as Standard nonissuer report. 


Date of the Same as Standard nonissuer report. 
Auditor's Report 


L Pass Key 


Practicable means that the information is reasonably obtainable from management's 
accounts and records and that providing the information in the auditor's report does 
not require the auditor to assume the position of a preparer of financial information. For 
example, the auditor is not expected to prepare a basic financial statement, such as an 
omitted statement of cash flows, or segment information and include it in the auditor's 
report when management omits such information. 
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2.1.2 Sample Report: Qualified Opinion Due to Inadequate Disclosure (Nonissuer) 


Independent Auditor's Report 
[Appropriate Addressee] 
Report on the Audit of Financial Statements 
Qualified Opinion 


We have audited the financial statements of ABC Company, which comprise the balance 
sheets as of December 31, 20X1 and 20X0, and the related statements of income, changes 
in stockholders' equity, and cash flows for the years then ended, and the related notes to 
the financial statements. 


In our opinion, except for the omission of the information described in the Basis for Qualified 
Opinion section of our report, the accompanying financial statements present fairly, in all 
material respects, the financial position of ABC Company as of December 31, 20X1 and 20X0, 
and the results of its operations and its cash flows for the years then ended in accordance 
with accounting principles generally accepted in the United States of America. 


Basis for Qualified Opinion 


ABC Company's financial statements do not disclose [describe the nature of the omitted 
information that is not practicable to present in the auditor's report]. In our opinion, disclosure 
of this information is required by accounting principles generally accepted in the United 
States of America. 


We conducted our audits in accordance with auditing standards generally accepted in the 
United States of America (GAAS). Our responsibilities under those standards are further 
described in the Auditor's Responsibilities for the Audit of the Financial Statements section 
of our report. We are required to be independent of ABC Company and to meet our other 
ethical responsibilities, in accordance with the relevant ethical requirements relating to our 
audits. We believe that the audit evidence we have obtained is sufficient and appropriate to 
provide a basis for our qualified audit opinion. 


Responsibilities of Management for the Financial Statements 
[Same as standard nonissuer audit report] 

Auditor's Responsibilities for the Audit of the Financial Statements 
[Same as standard nonissuer audit report] 

Report on Other Legal and Regulatory Requirements 

[Same as standard nonissuer audit report] 


[Signature of the auditor's firm] 
[City and state where the auditor's report is issued] 
[Date of the auditor's report] 
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2.1.3 Sample Report: Qualified Opinion Due to a Material Misstatement 
of the Financial Statements (Nonissuer) 


Independent Auditor's Report 
[Appropriate Addressee] 
Report on the Audit of Financial Statements 
Qualified Opinion 


We have audited the financial statements of ABC Company, which comprise the balance 
sheets as of December 31, 20X1 and 20X0, and the related statements of income, changes 
in stockholders' equity, and cash flows for the years then ended, and the related notes to 
the financial statements. 


In our opinion, except for the effects of the matter described in the Basis for Qualified 
Opinion section of our report, the accompanying financial statements present fairly, in 

all material respects, the financial position of ABC Company as of December 31, 20X1 

and 20X0, and the results of its operations and its cash flows for the years then ended in 
accordance with accounting principles generally accepted in the United States of America. 


Basis for Qualified Opinion 


ABC Company has stated inventories at cost in the accompanying balance sheets. 
Accounting principles generally accepted in the United States of America require 
inventories to be stated at the lower of cost or market. If the Company stated inventories 
at the lower of cost or market, a write down of $XXX and $XXX would have been required 
as of December 31, 20X1 and 20X0, respectively. Accordingly, cost of sales would have been 
increased by $XXX and $XXX, and net income, income taxes, and stockholders' equity would 
have been reduced by $XXX, $XXX, and $XXX, and $XXX, $XXX, and $XXX, as of and for the 
years ended December 31, 20X1 and 20X0, respectively. 


We conducted our audits in accordance with auditing standards generally accepted in the 
United States of America (GAAS). Our responsibilities under those standards are further 
described in the Auditor's Responsibilities for the Audit of the Financial Statements section 
of our report. We are required to be independent of ABC Company and to meet our other 
ethical responsibilities, in accordance with the relevant ethical requirements relating to our 
audits. We believe that the audit evidence we have obtained is sufficient and appropriate to 
provide a basis for our qualified audit opinion. 


Responsibilities of Management for the Financial Statements 
[Same as standard nonissuer audit report] 

Auditor's Responsibilities for the Audit of the Financial Statements 
[Same as standard nonissuer audit report] 

Report on Other Legal and Regulatory Requirements 

[Same as standard nonissuer audit report] 


[Signature of the auditor's firm] 
[City and state where the auditor's report is issued] 
[Date of the auditor's report] 
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2.1.4 Adverse Opinion 


Adverse Opinion Due to Material Misstatement of Financial Statements: Nonissuer 


Title 


Same as standard nonissuer report. 


Addressee 


Same as standard nonissuer report. 


Adverse Opinion 


The auditor's report should include a section with the heading "Adverse 
Opinion" and the section should be modified to state that, in the auditor's 
opinion, because of the significance of the matters described in the "Basis for 
Adverse Opinion" section, the financial statements do not present fairly in 
accordance with the applicable reporting framework. 


Basis for Adverse 
Opinion 


The auditor's report should include a section with the heading "Basis for 
Adverse Opinion" and the section should be amended to include a description 
of the matter giving rise to the modification. 


Key Audit Matters 


The auditor should not include a "Key Audit Matters" section in the auditor's 
report when issuing an adverse opinion on the financial statements. 


Responsibilities of 
Management for the 
Financial Statements 


Same as standard nonissuer report. 


Auditor's 
Responsibilities for the 
Audit of the Financial 
Statements 


Same as standard nonissuer report. 


Other Reporting 
Responsibilities 


Same as standard nonissuer report. 


Signature of the 
Auditor 


Same as standard nonissuer report. 


Auditor's Address 


Same as standard nonissuer report. 


Date of the Auditor's 
Report 


Same as standard nonissuer report. 
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2.1.5 Sample Report: Adverse Opinion Due to a Material Misstatement 
of the Financial Statements (Nonissuer) 


Independent Auditor's Report 
[Appropriate Addressee] 
Report on the Audit of Financial Statements 
Adverse Opinion 


We have audited the financial statements of ABC Company, which comprise the balance 
sheets as of December 31, 20X1 and 20X0, and the related statements of income, changes 
in stockholders' equity, and cash flows for the years then ended, and the related notes to 
the financial statements. 


In our opinion, because of the significance of the matter discussed in the Basis for Adverse 
Opinion section of our report, the accompanying consolidated financial statements 

do not present fairly the financial position of ABC Company and its subsidiaries as of 
December 31, 20X1, or the results of their operations or their cash flows for the year then 
ended in accordance with accounting principles generally accepted in the United States 

of America. 


Basis for Adverse Opinion 


As described in Note X, ABC Company has not consolidated the financial statements of 
subsidiary XYZ Company that it acquired during 20X1 because it has not yet been able 

to ascertain the fair values of certain of the subsidiary's material assets and liabilities at 
the acquisition date. This investment is, therefore, accounted for on a cost basis by the 
Company. Under accounting principles generally accepted in the United States of America, 
the subsidiary should have been consolidated because it is controlled by the Company. 
Had XYZ Company been consolidated, many elements in the accompanying consolidated 
financial statements would have been materially affected. The effects on the consolidated 
financial statements of the failure to consolidate have not been determined. 


We conducted our audit in accordance with auditing standards generally accepted in the 
United States of America (GAAS). Our responsibilities under those standards are further 
described in the Auditor's Responsibilities for the Audit of the Financial Statements section 
of our report. We are required to be independent of ABC Company and to meet our other 
ethical responsibilities, in accordance with the relevant ethical requirements relating to our 
audit. We believe that the audit evidence we have obtained is sufficient and appropriate to 
provide a basis for our adverse audit opinion. 


Responsibilities of Management for the Financial Statements 
[Same as standard nonissuer audit report] 

Auditor's Responsibilities for the Audit of the Financial Statements 
[Same as standard nonissuer audit report] 

Report on Other Legal and Regulatory Requirements 

[Same as standard nonissuer audit report] 


[Signature of the auditor's firm] 
[City and state where the auditor's report is issued] 
[Date of the auditor's report] 
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3. Issuer Reports 


3.1. Form and Content of Auditor's Report (Issuer) 


When the auditor expresses a qualified or adverse opinion due to material misstatement of 
the financial statements, the auditor's report will include an additional paragraph immediately 
following the opinion paragraph and the opinion paragraph will be modified. The auditor is not 
required to report critical audit matters in the auditor's report when the auditor expresses an 
adverse opinion. 


3.1.1 Qualified Opinion 


Qualified Opinion Due to Material Misstatement 


of Financial Statements: Issuer 


Opinion Section The section title and first sentence are the same as the standard issuer audit report. 


The second sentence is modified to include the appropriate qualifying language 
(i.e., except for or with the exception of) and a reference to the paragraph that 
discloses all of the qualified opinion. 


Additional A paragraph should be placed immediately following the opinion paragraph. There 
Paragraph(s) is no heading for this paragraph. This paragraph should include: 


e All of the substantive reasons that lead the auditor to conclude that there has 
been a departure from generally accepted accounting principles. 


© Disclosure of the principal effects of the subject matter of the qualification on 
financial position, results of operations, and cash flows, if practicable. 


— If the effects are not reasonably determinable, the report should so state. 


— If such disclosures are made in a note to the financial statements, the 
explanatory paragraph(s) may be shortened by referring to it. 


Basis for Opinion | Same as standard issuer audit report. 
Section 


Critical Audit Same as Standard issuer audit report. 
Matters 
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3.1.2 Sample Report: Qualified Opinion Due to a Material Misstatement 
of the Financial Statements (Issuer) 


Report of Independent Registered Public Accounting Firm 
To the shareholders and the board of directors of X Company: 
Opinion on the Financial Statements 


We have audited the accompanying balance sheets of X Company (the "Company") as of 
December 31, 20X2 and 20X1, the related statements of income, comprehensive income, 
stockholders equity, and cash flows for each of the years then ended, and the related 

notes and schedules (collectively referred to as the "financial statements"). In our opinion, 
except for the effects of not capitalizing certain lease obligations as discussed in the following 
paragraph, the financial statements referred to above present fairly, in all material respects, 
the financial position of the Company as of December 31, 20X2 and 20X1, and the results 
of its operations and its cash flows for the years then ended in conformity with accounting 
principles generally accepted in the United States of America. 


The Company has excluded, from property and debt in the accompanying balance sheets, 
certain lease obligations that, in our opinion, should be capitalized in order to conform 
with accounting principles generally accepted in the United States of America. If these 
lease obligations were capitalized, property would be increased by $ and $ i 
long-term debt by $ and $ , and retained earnings by $ and $ 

as of December 31, 20X2 and 20X1, respectively. Additionally, net income would be 
increased (decreased) by $ and $ and earnings per share would be increased 
(decreased) by $ and $ , respectively, for the years then ended. 


Basis for Opinion 

[Basis for Opinion section same as standard issuer audit report] 
Critical Audit Matters 

[Critical Audit Matters section same as standard issuer audit report] 


[Signature] 

We have served as the Company's auditor since [year]. 
[City and state or country] 

[Date] 
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3.1.3 Adverse Opinion 


Adverse Opinion Due to Material Misstatement 


of Financial Statements: Issuer 


Opinion Section When the auditor expresses an adverse opinion, the opinion section should 
state that, in the auditor's opinion, because of the effects of matters discussed 
in the following paragraph(s), the financial statements do not present fairly, in 
conformity with accounting principles generally accepted in the United States 
of America, the financial statements. 


Additional Paragraph(s) | A paragraph should be placed immediately following the opinion paragraph. 
There is no heading for this paragraph. This paragraph should include: 


e All of the substantive reasons that lead the auditor to conclude that there 
has been a departure from generally accepted accounting principles. 


© Disclosure of the principal effects of the subject matter of the adverse opinion 
on financial position, results of operations, and cash flows, if practicable. 
—If the effects are not reasonably determinable, the report should so state. 


—If such disclosures are made in a note to the financial statements, the 
explanatory paragraph(s) may be shortened by referring to it. 


Basis for Opinion Section | Same as standard issuer audit report. 


Critical Audit Matters Critical Audit Matters section omitted. 


3.1.4 Sample Report: Adverse Opinion Due to a Material Misstatement 
of the Financial Statements (Issuer) 


Report of Independent Registered Public Accounting Firm 
To the shareholders and the board of directors of X Company: 
Opinion on the Financial Statements 


We have audited the accompanying balance sheets of X Company (the "Company") as of 
December 31, 20X2 and 20X1, the related statements of income, comprehensive income, 
stockholders' equity, and cash flows for each of the years then ended, and the related notes 
and schedules (collectively referred to as the "financial statements"). In our opinion, because 
of the effects of the matters discussed in the following paragraphs, the financial statements 
do not present fairly, in conformity with accounting principles generally accepted in the 
United States of America, the financial position of the Company as of December 31, 20X2 
and 20X1, or the results of its operations or its cash flows for the years then ended. 


As discussed in Note X to the financial statements, the Company carries its property, plant, 
and equipment accounts at appraisal values, and provides depreciation on the basis of 
such values. Further, the Company does not provide for income taxes with respect to 
differences between financial income and taxable income arising because of the use, for 
income tax purposes, of the installment method of reporting gross profit from certain types 
of sales. Accounting principles generally accepted in the United States of America require 
that property, plant, and equipment be stated at an amount not in excess of cost, reduced 
by depreciation based on such amount, and that deferred income taxes be provided. 


(continued) 
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(continued) 


Because of the departures from accounting principles generally accepted in the United 
States of America identified above, as of December 31, 20X2 and 20X1, inventories 

have been increased $ and $ by inclusion in manufacturing overhead 

of depreciation in excess of that based on cost; property, plant, and equipment, less 
accumulated depreciation, is carried at $ and $ in excess of an amount 
based on the cost to the Company; and deferred income taxes of $ and $ 

have not been recorded; resulting in an increase of $ and $ in retained 
earnings and in appraisal surplus of $ and $ , respectively. For the years ended 
December 31, 20X2 and 20X1, cost of goods sold has been increased $ and $ ; 
respectively, because of the effects of the depreciation accounting referred to above and 
deferred income taxes of $ and $ have not been provided, resulting in an 
increase in net income of $ and $ , respectively. 


Basis for Opinion 

[Basis for Opinion section same as standard issuer audit report] 
[Signature] 

We have served as the Company's auditor since [year]. 

[City and state or country] 

[Date] 
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NOTES 
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Modified Opinions 
Due to Audit Issues 


1 Audit Issues: Qualified Opinion or Disclaimer 


jnancial Statements 
Materially Correct 
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Materiality of Issue 


1.1. Qualified Opinion vs. Disclaimer 


The auditor uses professional judgment to determine whether to issue a qualified opinion or a 
disclaimer of opinion. 


Financial Statements Inability to Obtain Sufficient 


Are Materially Misstated Appropriate Audit Evidence 
Materiality of Problem (Financial Statement Issues) (Audit Issues) 


None or immaterial Unmodified (unqualified) Unmodified (unqualified) 
Material but not pervasive | Qualified opinion 


Qualified opinion 


Material and pervasive | Adverse opinion Disclaimer of opinion 


A qualified opinion due to an audit problem should be expressed when the auditor is unable 
to obtain sufficient appropriate audit evidence on which to base an opinion and the auditor 


concludes that the possible effects of any undetected misstatements could be material but 
not pervasive. 
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A disclaimer of opinion should be expressed when the auditor is unable to obtain sufficient 
appropriate audit evidence on which to base an opinion and the auditor concludes that the 
possible effects of any undetected misstatements could be both material and pervasive. A 
disclaimer of opinion should also be expressed if the auditor is not independent or if the 
financial statements are unaudited. 


1.2 Examples of Scope Limitations 


When the auditor is unable to complete the audit fully, the scope of the audit has been limited. 
Examples of conditions that restrict scope include the following items. 


= Time constraints. 
= Inability to obtain sufficient appropriate audit evidence, such as: 
e Inability to observe inventory 
e Inability to confirm receivables 
e Inability to obtain audited financial statements of a consolidated investee 
e Restrictions on the use of auditing procedures 
e  Inadequacy of accounting records 


=m Refusal of management to provide written representation and/or to acknowledge its 
responsibility for the fair presentation of the financial statements in conformity with GAAP. 


= Refusal of client's attorney to respond to inquiry. 


1.3. Causes of Scope Limitations 


Limitations on the scope of the audit may be imposed by either circumstances or management. 


1.3.1. Circumstances 


A scope limitation may be caused by circumstances beyond the control of the entity or 
circumstances relating to the nature or timing of the auditor's work. For example, a scope limitation 
may exist when an auditor was not engaged at the beginning of the year, when opening inventory 
should have been observed. When circumstances prevent the auditor from performing a specific 
procedure, the auditor should determine whether it is possible to perform alternative procedures. 


Va Pass Key 


The inability to perform a specific procedure is not a limitation on the scope of the audit if 
the auditor is able to obtain sufficient appropriate audit evidence by performing alternative 
procedures. If alternative procedures cannot be performed, the auditor should express a 
qualified opinion or a disclaimer of opinion. 


1.3.2 Management-Imposed Scope Limitation 


If the auditor becomes aware that management has imposed a limitation that the auditor 
believes may result in the need to express a qualified opinion or disclaim an opinion, the auditor 
should ask management to remove the limitation. If management will not remove the limitation, 
the auditor should communicate with those charged with governance and determine whether it 
is possible to perform alternative procedures. 
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If the auditor is unable to obtain sufficient appropriate audit evidence due to a 
management-imposed scope limitation and the auditor concludes that the possible effects of 
any undetected misstatements could be both material and pervasive, then the auditor should 
either disclaim an opinion or withdraw from the engagement. Withdrawal may not be possible if 
the auditor has substantially completed the audit, or if the audit is required by law or regulation. 
The auditor may choose to add an other-matter (explanatory) paragraph to the auditor's report 
to describe the reasons why the auditor cannot withdraw from an engagement when the auditor 
is unable to obtain sufficient appropriate audit evidence due to a management-imposed scope 
limitation and the possible effects on the financial statements of undetected misstatements 
could be both material and pervasive. 


1.4 Unaudited Financial Statements 


1.4.1 Association With Financial Statements 

Association occurs when an accountant either: 

1. consents to the use of his or her name in connection with the financial statements; or 
2. has prepared the financial statements, even if the accountant's name is not used. 


Pass Key 


When the auditor is not independent but is required by law or regulation to report on the 
financial statements, the auditor should disclaim an opinion and should specifically state 

that the auditor is not independent. If the auditor chooses to provide the reasons for the 

lack of independence, the auditor should include all reasons. 


1.4.2 Disclaimer on Unaudited Financial Statements 


An accountant who is associated with the financial statements of an engagement that is 
conducted in accordance with PCAOB standards without auditing or reviewing them should 
issue a disclaimer of opinion. Other requirements for this type of disclaimer on unaudited 
financial statements include: 


= The accountant must read the financial statements for obvious errors. 


=m The disclaimer may accompany the unaudited financial statements or it may be placed 
directly on them. 


=m "Unaudited" should be clearly marked on each page of the financial statements. 


If the client refuses to correct an obvious error, the auditor should add a paragraph 
modifying the disclaimer to describe, in a separate explanatory paragraph, the nature and 
effect of the departure from GAAP. If the client refuses to accept the modified disclaimer, 
the auditor should withdraw from the engagement. 


Pass Key 


When exam questions indicate that the financial statements are false, fraudulent, deceptive or 
misleading, that management refuses to correct them, and that modification of the CPA's report 
is not sufficient to correct the item, the CPA should consider withdrawing from the engagement. 
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AUD 1 


2  Nonissuer Reports 


21 


Form and Content of Auditor's Report (Nonissuer) 


When the auditor expresses a qualified opinion or disclaimer of opinion, the auditor's report will 
include a modified "Basis for Opinion" paragraph and a "Qualified Opinion" or "Disclaimer of 
Opinion" paragraph, as appropriate. A disclaimer of opinion will also include a modification to the 
"Auditor's Responsibilities for the Audit of the Financial Statements" section of the auditor's report. 


20 


Qualified Opinion 


Qualified Opinion Due to Audit Issues: Nonissuer 


Title 


Same as standard nonissuer report. 


Addressee 


Same as standard nonissuer report. 


Qualified Opinion 


The auditor's report should include a section with the heading "Qualified Opinion" 
and the section should be modified to state that, in the auditor's opinion, except 
for the possible effects of the matters described in the "Basis for Qualified Opinion" 
section of the auditor's report, the financial statements are fairly presented. 


Basis for Qualified 
Opinion 


The auditor's report should include a section with the heading "Basis for 
Qualified Opinion" and the section should be amended to include a description 
of the reasons for the inability to obtain sufficient appropriate audit evidence. 


Responsibilities of 
Management for the 
Financial Statements 


Same as Standard nonissuer report. 


Auditor's 
Responsibilities for the 
Audit of the Financial 
Statements 


Same as standard nonissuer report. 


Other Reporting 
Responsibilities 


Signature of the 
Auditor 


Same as standard nonissuer report. 


Same as standard nonissuer report. 


Auditor's Address 


Same as standard nonissuer report. 


Date of the Auditor's 
Report 


Same as standard nonissuer report. 


& 


Pass Key 


When the auditor expresses a qualified opinion due to a scope limitation, the opinion 
paragraph states that the qualification relates to the possible effect of the matter on the 
financial statements and not the scope limitation itself. Wording such as, "In our opinion, 
except for the above-mentioned limitation on the scope of the audit ... "is not acceptable. 
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2.1.2 Sample Report: Qualified Opinion Due to the Auditor's Inability 
to Obtain Sufficient Appropriate Audit Evidence (Nonissuer) 


Independent Auditor's Report 
[Appropriate Addressee] 
Report on the Audit of Financial Statements 
Qualified Opinion 


We have audited the financial statements of ABC Company, which comprise the balance 
sheet as of December 31, 20X1, and the related statements of income, changes in 
stockholders' equity, and cash flows for the year then ended, and the related notes to the 
financial statements. 


In our opinion, except for the possible effects of the matter described in the Basis for 
Qualified Opinion section of our report, the accompanying financial statements present fairly, 
in all material respects, the financial position of ABC Company as of December 31, 20X1, and 
the results of its operations and its cash flows for the year then ended in accordance with 
accounting principles generally accepted in the United States of America. 


Basis for Qualified Opinion 


ABC Company's investment in XYZ Company, a foreign affiliate acquired during the year 
and accounted for under the equity method, is carried at $XXX on the balance sheet at 
December 31, 20X1, and ABC Company's share of XYZ Company's net income of $XXX 

is included in ABC Company's net income for the year then ended. We were unable to 
obtain sufficient appropriate audit evidence about the carrying amount of ABC Company's 
investment in XYZ Company as of December 31, 20X1, and ABC Company's share of XYZ 
Company's net income for the year then ended because we were denied access to the 
financial information, management, and the auditors of XYZ Company. Consequently, we 
were unable to determine whether any adjustments to these amounts were necessary. 


We conducted our audit in accordance with auditing standards generally accepted in the 
United States of America (GAAS). Our responsibilities under those standards are further 
described in the Auditor's Responsibilities for the Audit of the Financial Statements section 
of our report. We are required to be independent of ABC Company and to meet our other 
ethical responsibilities, in accordance with the relevant ethical requirements relating to our 
audit. We believe that the audit evidence we have obtained is sufficient and appropriate to 
provide a basis for our qualified audit opinion. 


Responsibilities of Management for the Financial Statements 
[Same as standard nonissuer audit report] 

Auditor's Responsibilities for the Audit of the Financial Statements 
[Same as standard nonissuer audit report] 

Report on Other Legal and Regulatory Requirements 

[Same as standard nonissuer audit report] 


[Signature of the auditor's firm] 
[City and state where the auditor's report is issued] 
[Date of the auditor's report] 
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2.1.3 Disclaimer of Opinion 


Disclaimer of Opinion Due to Audit Issues: Nonissuer 


Title 


Addressee 


Same as standard nonissuer report. 


Same as Standard nonissuer report. 


Disclaimer of 
Opinion 


The auditor's report should include a section with the heading "Disclaimer of 
Opinion" that includes: 


e Astatement that the auditor does not express an opinion on the financial 
statements. 


e Astatement that due to the significance of the matters described in the "Basis 
for Disclaimer of Opinion" section, the auditor has not been able to obtain 
sufficient appropriate audit evidence to provide a basis for an opinion. 


e Amend the statement that indicates the financial statements "have been 
audited" to state that the auditor was "engaged to audit" the financial 
statements. 


of Opinion 


Basis for Disclaimer 


The auditor's report should include a section with the heading "Basis for 
Disclaimer of Opinion" and the section should be amended to include a description 
of the reasons for the inability to obtain sufficient appropriate audit evidence. 
Specifically, the auditor's report should not include the following: 


e Areference to the section of the auditor's report where auditor responsibilities 
are described; or 


e Astatement about whether the audit evidence obtained is sufficient and 
appropriate to provide a basis for the auditor's opinion. 


Key Audit Matters 


Responsibilities 
of Management 
for the Financial 


The auditor should not include a "Key Audit Matters" section in the auditor's report 
when disclaiming an opinion on the financial statements. 


Same as Standard nonissuer report. 


Statements 

Auditor's The auditor should amend the section with the heading "Auditor's Responsibilities 
Responsibilities for the Audit of the Financial Statements" to include only the following: 

for the Audit of as eee : Seu 
the Financial e A statement that the auditor S responsibility is to conduct an audit of the entity's 
Sieinenis financial statements in accordance with auditing standards generally accepted 


in the United States of America and to issue an auditor's report. 


e Astatement that because of matters described in the "Basis for Disclaimer of 
Opinion" section, the auditor was not able to obtain sufficient appropriate audit 
evidence to provide a basis for an audit opinion on the financial statements. 


e Astatement that the auditor is required to be independent and to meet other 
ethical responsibilities. 


Other Reporting 
Responsibilities 


Same as standard nonissuer report. 


Signature of the 
Auditor 


Same as standard nonissuer report. 


Auditor's Address 


Same as standard nonissuer report. 


Date of the 
Auditor's Report 


Same as standard nonissuer report. 
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2.1.4 Sample Report: Disclaimer of Opinion (Nonissuer) 


Independent Auditor's Report 
[Appropriate Addressee] 
Report on the Audit of Financial Statements 
Disclaimer of Opinion 


We were engaged to audit the financial statements of ABC Company, which comprise the 

balance sheet as of December 31, 20X1, and the related statements of income, changes in 
stockholders' equity, and cash flows for the year then ended, and the related notes to the 
financial statements. 


We do not express an opinion on the accompanying financial statements of ABC Company. 
Because of the significance of the matters described in the Basis for Disclaimer of Opinion 
section of our report, we have not been able to obtain sufficient appropriate audit evidence 
to provide a basis for an audit opinion on these financial statements. 


Basis for Disclaimer of Opinion 


We were not engaged as auditors of ABC Company until after December 31, 20X1, and, 
therefore, did not observe the counting of physical inventories at the beginning or end of 
the year. We were unable to satisfy ourselves by other auditing procedures concerning 
the inventory held at December 31, 20X1, which is stated in the balance sheet at $XXX. In 
addition, the introduction of a new computerized accounts receivable system in September 
20X1 resulted in numerous misstatements in accounts receivable. As of the date of our 
audit report, management was still in the process of rectifying the system deficiencies 
and correcting the misstatements. We were unable to confirm or verify by alternative 
means accounts receivable included in the balance sheet at a total amount of $XXX at 
December 31, 20X1. As a result of these matters, we were unable to determine whether 
any adjustments might have been found necessary in respect of recorded or unrecorded 
inventories and accounts receivable, and the elements making up the statements of 
income, changes in stockholders’ equity, and cash flows. 


Responsibilities of Management for the Financial Statements 
[Same as standard nonissuer audit report] 
Auditor's Responsibilities for the Audit of the Financial Statements 


Our responsibility is to conduct an audit of ABC Company's financial statements in 
accordance with auditing standards generally accepted in the United States of America and 
to issue an auditor's report. However, because of the matters described in the Basis for 
Disclaimer of Opinion section of our report, we were not able to obtain sufficient appropriate 
audit evidence to provide a basis for an audit opinion on these financial statements. 


We are required to be independent of ABC Company and to meet our other ethical 
responsibilities, in accordance with the relevant ethical requirements relating to our audit. 


Report on Other Legal and Regulatory Requirements 
[Same as standard nonissuer audit report] 


[Signature of the auditor's firm] 
[City and state where the auditor's report is issued] 
[Date of the auditor's report] 
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3. Issuer Reports 


3.1. Form and Content of the Auditor's Report (Issuer) 


When the auditor expresses a qualified opinion or disclaimer of opinion, a paragraph 
immediately following the opinion paragraph is added and the opinion paragraph is modified. 
A qualified opinion and disclaimer of opinion will include modified language in the Basis for 
Opinion section. The auditor is not required to report critical audit matters in the auditor's 
report when the auditor expresses a disclaimer of opinion. 


3.1.1 Qualified Opinion 


Qualified Opinion Due to Audit Issues: Issuer 


Opinion The section heading and first sentence is the same as the standard issuer audit report. 


Section The second sentence is modified to include the appropriate qualifying language (i.e., except 


for or with the exception of) and a reference to the paragraph that describes the departure 
from the unqualified opinion. 


Additional A paragraph should be placed immediately following the opinion paragraph. There is no 
Paragraph heading for this paragraph. 


This paragraph should describe the reasons for the inability to obtain sufficient 
appropriate audit evidence. 


Basis for Same as standard issuer audit report, except that the second paragraph in this section 
Opinion should refer to the paragraph that describes the departure from the unqualified opinion. 
Section 


Critical Audit | Same as standard issuer audit report. 
Matters 
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3.1.2 Sample Report: Qualified Opinion Due to a Scope Limitation (Issuer) 


Report of Independent Registered Public Accounting Firm 
To the shareholders and the board of directors of X Company: 
Opinion on the Financial Statements 


We have audited the accompanying balance sheets of X Company (the "Company") as of 
December 31, 20X2 and 201, the related statements of income, comprehensive income, 
stockholders' equity, and cash flows for each of the years then ended, and the related 
notes and schedules (collectively referred to as the "financial statements"). In our opinion, 
except for the effects of the adjustments, if any, as might have been determined to be 
necessary had we been able to examine evidence regarding the foreign affiliate investment 
and earnings, as described below, the financial statements present fairly, in all material 
respects, the financial position of the Company as of December 31, 20X2 and 20X1, and 

the results of its operations and its cash flows for the years then ended in conformity with 
accounting principles generally accepted in the United States of America. 


We were unable to obtain audited financial statements supporting the Company's 
investment in a foreign affiliate stated at $ and $ at December 31, 20X2 and 
20X1, respectively, or its equity in earnings of that affiliate of $ and $ , which 

is included in net income for the years then ended as described in Note X to the financial 
statements; nor were we able to satisfy ourselves as to the carrying value of the investment 
in the foreign affiliate or the equity in its earnings by other auditing procedures. 


Basis for Opinion 
[Same as standard issuer report, except for the statement below] 


Except as discussed above, we conducted our audits in accordance with the standards of the 
PCAOB. [Remainder paragraph the same as standard issuer report] 


Critical Audit Matters 
[Critical Audit Matters section same as standard issuer audit report] 


[Signature] 

We have served as the Company's auditor since [year]. 
[City and state or country] 

[Date] 
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3.1.3 Disclaimer of Opinion 


Disclaimer of Opinion Due to Audit Issues: Issuer 


Disclaimer of Modifications to this section include: 
Opinion Section e Section heading of "Disclaimer of Opinion on the Financial Statements." 
e Use of the words "were engaged to audit" instead of "have audited." 

© Reference to the paragraph describing the reasons for disclaimer. 


e Astatement that the auditor was not able to obtain sufficient appropriate audit 
evidence to provide a basis for an audit opinion. 


e Adisclaimer of opinion ("do not express an opinion") is given on the financial 
statements as a whole. 


Additional A separate paragraph should be placed immediately following the opinion 
Paragraph paragraph. This paragraph should include: 


e Allofthe substantive reasons for the disclaimer. 
© Disclosure of any reservations regarding fair presentation in conformity with GAAP. 


Basis for Modification to the Basis of Opinion paragraph includes: 
Disclaimer of © Section heading of "Basis for Disclaimer of Opinion." 
Opinion Paragraph ae ea. 7 
© Elimination of the sentence, "Our responsibility is to express an opinion on the 


Company's financial statements based on our audits." 


© Elimination of entire second paragraph in this section, which begins with "We 
conducted our audits in accordance... ." 


Critical Audit Critical Audit Matters section omitted. 
Matters 


3.1.4 Sample Report: Disclaimer of Opinion Due to Inability 
to Obtain Sufficient Appropriate Audit Evidence (Issuer) 


Report of Independent Registered Public Accounting Firm 
To the shareholders and the board of directors of X Company: 
Disclaimer of Opinion on the Financial Statements 


We were engaged to audit the accompanying balance sheets of X Company (the "Company") 
as of December 31, 20X2 and 20X1, and the related statements of income, comprehensive 
income, stockholders' equity, and cash flows, and the related notes and schedules 
(collectively referred to as the "financial statements"). As described in the following 
paragraph, because the Company did not take physical inventories and we were not able to 
apply other auditing procedures to satisfy ourselves as to inventory quantities and the cost 
of property and equipment, we were not able to obtain sufficient appropriate audit evidence to 
provide a basis for an audit opinion on the financial statements, and we do not express an 
opinion on these financial statements. 


(continued) 
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(continued) 


The Company did not make a count of its physical inventory in 20X2 or 20X1, stated in the 
accompanying financial statements at $ as of December 31, 20X2, and at $ 

as of December 31, 20X1. Further, evidence supporting the cost of property and equipment 
acquired prior to December 31, 20X1, is no longer available. The Company's records do 

not permit the application of other auditing procedures to inventories or property and 
equipment. 


Basis for Disclaimer of Opinion 


These financial statements are the responsibility of the Company's management. We are 

a public accounting firm registered with the Public Company Accounting Oversight Board 
(United States) (PCAOB) and are required to be independent with respect to the Company 
in accordance with the U.S. federal securities laws and the applicable rules and regulations 
of the Securities and Exchange Commission and the PCAOB. 


[Second paragraph within this section of standard issuer audit report should be omitted] 
[Signature] 

We have served as the Company's auditor since [year]. 

[City and state or country] 

[Date] 


3.1.5 Sample Report: Disclaimer of Opinion Due to Lack of Independence (Issuer) 


An accountant who is "associated with" financial statements but is not independent should 
disclaim an opinion. 


We are not independent with respect to XYZ Company, and the accompanying balance sheet 
as of December 31, 20XX, and the related statements of income, retained earnings, and 
cash flows for the year then ended were not audited by us and, accordingly, we do not 
express an opinion on them. 


Pass Key 


A commonly tested area is the concept of uncertainty. The chart below will assist you in 
mastering this area. 


No material misstatement Material misstatement Insufficient evidence 
and sufficient evidence related to the uncertainty (scope limitation) 
Unmodified Qualified or adverse Qualified or disclaimer 
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Auditor's Report Summary (Nonissuer) 


Basis for Management Auditor Key Audit 
Type of Opinion Opinion Responsibility | Responsibility Matters 
Opinion Section Section Section Section Section 
Misstatement 
Immaterial Unmodified | Present fairly | Standard Standard Standard when 
engaged 
Material Amended When 
but not Qualified Except for to describe Standard Standard 
; engaged 
pervasive matter 
; Amended 
ee Adverse ee to describe Standard Standard a Ve 
P P Y| matter 
Scope Limitation 
Immaterial Unmodified | Present fairly | Standard Standard Standard idee 
engaged 
Material Except for Amend to When 
but not Qualified possible describe Standard Standard 
; engaged 
pervasive effects matter 
Engaged 
Material and bidet to audit, pene i Content Do not 
; Disclaimer aie describe Standard — . 
pervasive no opinion limited include 
matter 
expressed 
Auditor's Report Summary (Issuer) 
Type of Additional | Basis for Opinion | Critical Audit 
Opinion Opinion Section | Paragraph Section Matters 
Misstatement 
Immaterial Unqualified Standard No Standard Standard 
Material but not Qualified Except for Yes Standard Standard 
pervasive 
Material and pervasive Adverse Be ie Yes Standard Omit 
Scope Limitation 
Immaterial Unqualified Standard No Standard Standard 
Material but not Qualified Except for Yes . EScebiae Standard 
pervasive discussed above 
‘ ' wit Engaged to audit Omit certain ; 
Material and pervasive Disclaimer and Bisclainier Yes Sentences Omit 
Lack of Independence 
Disclaimer None None Disclaimer Omit 
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Other-Matter, and 
Explanatory Paragraphs 


1 Emphasis-of-Matter Paragraphs (Nonissuers) 


An emphasis-of-matter paragraph is included in the auditor's report when required by GAAS 
or at the auditor's discretion. An emphasis-of-matter paragraph is used when referring to a 
matter that is appropriately presented or disclosed in the financial statements and is of such 
importance that it is fundamental to the users' understanding of the financial statements. 
The inclusion of an emphasis-of-matter paragraph in the auditor's report does not affect the 
auditor's opinion. 


1.1 Report Requirements 


When an emphasis-of-matter paragraph is included in the auditor's report, the auditor should: 


1. use the heading "Emphasis-of-Matter" or other appropriate heading (required to use 
heading "Emphasis-of-Matter" when the auditor has been engaged to communicate key 
audit matters); 


2. describe the matter being emphasized and the location of relevant disclosures about the 
matter in the financial statements; and 


3. indicate that the auditor's opinion is not modified with respect to the matter emphasized. 
1.2 Use of Emphasis-of-Matter Paragraphs 


1.2.1 Use Required 
An emphasis-of-matter paragraph is required in the following circumstances: 


= To describe a justified change in accounting principle that has a material effect on the 
entity's financial statements or a change in the reporting entity that results in financial 
statements that, in effect, are those of a different reporting entity. 


=m Subsequently discovered facts lead to a change in audit opinion (the auditor may use an 
emphasis-of-matter or other-matter paragraph, as appropriate). 


= The financial statements are prepared in accordance with an applicable special purpose 
framework (other than regulatory basis financial statements intended for general use). 


© Becker Professional Education Corporation. All rights reserved. Module 7 A1-57 


Emphasis-of-Matter, Other-Matter, and Explanatory Paragraphs AUD 1 


1.2.2 Use May Be Necessary 


At times, the use of an emphasis-of-matter paragraph is not required, but may still be used 

at the discretion of the auditor. An auditor can use an emphasis-of-matter paragraph when 
referring to any matter that is appropriately presented or disclosed in the financial statements 
and is of such importance that it is fundamental to the user's understanding of the financial 
statements. Examples include: 


=m Anuncertainty related to the outcome of unusually important litigation or regulatory action. 
A major catastrophe having a significant effect on the entity's financial position. 

Significant related party transactions. 

Unusually important subsequent events. 


Conditions raising a substantial doubt about an entity's ability to continue as a going 
concern for a reasonable period of time exist but have been alleviated by management's 
plans and adequately disclosed. 


The use of an emphasis-of-matter paragraph is not appropriate if the matter requires the 
auditor to modify the opinion on the financial statements or if it is determined to be a key audit 
matter to be separately communicated. 


Pass Key 


The examiners like to ask questions about uncertainties, such as lawsuits. 


Management must analyze the existing conditions surrounding the uncertainties. The 
decision to accrue and/or disclose is based on the probability of loss and whether the loss 
can be estimated. The chart below shows the different scenarios. 


_ Probable Accrue and disclose Disclose 
Reasonably possible Disclose Disclose 
Remote Generally ignore 


The auditor will normally not add an emphasis-of-matter paragraph for uncertainties that are 
appropriately accounted for. However, if a question indicates that the uncertainty (such as 
the lawsuit) is "unusually important" then an emphasis-of-matter paragraph may be added. 
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2  Other-Matter Paragraphs (Nonissuers) 


An other-matter paragraph is included in the auditor's report when required by GAAS or at the 
auditor's discretion. Other-matter paragraphs refer to matters other than those presented or 
disclosed in the financial statements that are relevant to the users' understanding of the audit, 
the auditor's responsibilities, or the auditor's report. 


2.1. Report Requirements 


When an other-matter paragraph is included in the auditor's report, the auditor should use the 
heading "Other-Matter" or other appropriate heading. When the auditor has been engaged to 
communicate key audit matters, the use of an "Other-Matter" paragraph is not appropriate for a 
matter identified as a key audit matter to be separately communicated. 


2.2 Use of Other-Matter Paragraphs 
2.2.1 Use Required 


An other-matter paragraph is required in the following circumstances: 


=m Anytime the auditor includes an alert in the audit report that restricts the use of the 
auditor's report. 


= Subsequently discovered facts lead to a change in audit opinion (the auditor may use an 
emphasis-of-matter or other-matter paragraph, as appropriate). 


= The financial statements of the prior period were audited by a predecessor auditor and the 
predecessor's audit report is not reissued. 


= Current period financial statements are audited and presented in comparative form with 
compiled or reviewed financial statements for the prior period, or in comparative form with 
prior period financial statements that were not audited, reviewed, or compiled. 


= To restrict the use of the auditor's report when special purpose financial statements are 
prepared in accordance with a contractual or regulatory basis of accounting (except when 
regulatory basis financial statements are intended for general use). 


=m Areport on compliance is included in the auditor's report on the financial statements. 


2.2.2 Use May Be Necessary 
An other-matter paragraph may be necessary in the following circumstances: 


= To describe the reasons why the auditor cannot withdraw from an engagement 
when the auditor is unable to obtain sufficient appropriate audit evidence due to a 
management-imposed scope limitation and the possible effects on the financial statements 
of undetected misstatements could be both material and pervasive, but the auditor is 
unable to withdraw from the engagement. 


= Law, regulation, or generally accepted practice require or permit the auditor to provide 
further explanation of the auditor's responsibilities. 


= The auditor has been engaged to report on more than one set of financial statements 
when each set of financial statements has been prepared in accordance with a different 
general-purpose framework. 
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3 ‘Explanatory Paragraph (Issuers) 


An explanatory paragraph is included in the auditor's report when required by PCAOB auditing 
standards or at the auditor's discretion. The inclusion of an explanatory paragraph in the 
auditor's report does not affect the auditor's opinion. 


3.1 Report Requirements 


The explanatory paragraph generally should include an appropriate heading. The paragraph 
should describe the matter being emphasized and the location of relevant disclosures about the 
matter in the financial statements. 


The explanatory paragraph will generally follow the opinion paragraph when added to an 
unqualified report. 


3.2 Use of Explanatory Paragraphs 
3.2.1 Use Required 


An explanatory paragraph is required in the following circumstances: 
=m There is substantial doubt about the entity's ability to continue as a going concern. 


=m There has been a material change between periods in accounting principles or in the 
method of their application. 


m There has been a change in a reporting entity, unless the change in the reporting entity 
results from a transaction or event, such as the creation, cessation, or complete or partial 
purchase or disposition of a subsidiary or other business unit. 


=m There has been a change in an investee year-end that has a material effect on the 
company's financial statements. 


= Amaterial misstatement in previously issued financial statements has been corrected. 


= Other information in a document containing audited financial statements is materially 
inconsistent with information appearing in the financial statements. 


= Selected quarterly financial data required by SEC Regulation S-K has been omitted or has 
not been reviewed. 


= Supplementary information required by an applicable financial reporting framework has 
been omitted; the presentation of such information departs materially from the applicable 
financial reporting framework; the auditor is unable to complete prescribed procedures with 
respect to such information; or the auditor is unable to remove substantial doubts about 
whether the supplementary information conforms to the requirements of the applicable 
financial reporting framework. 


= The prior year audit report is not presented.* 
m= The prior year opinion is updated.* 


= Management is required to report on the company's internal controls over financial 
reporting but such report is not required to be audited, and the auditor has not been 
engaged to perform an audit of management's assessment of the effectiveness of the 
company's internal control over financial reporting.* 


* No heading is required for the explanatory paragraph (language) for circumstances notated 
with the asterisk. 
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3.2.2 Use May Be Necessary 


The auditor may emphasize a matter regarding the financial statements in the auditor's report 
("emphasis paragraph"). If the auditor adds an emphasis paragraph in the auditor's report, the 
auditor should use an appropriate section heading. 


Mes Pass Key 


The circumstances that require an auditor to add an explanatory paragraph in an issuer 
audit report are very similar to the circumstances that require an auditor to add an 
emphasis-of-matter or other-matter paragraph to a nonissuer audit report. 


4 Other Audit Considerations 


4.1 Lack of Consistency 


Consistency deals with the comparability of the financial statements from year to year. Unless 
the auditor's report explicitly states otherwise, the auditor's report implies that the financial 
statements are comparable between periods. The auditor should evaluate whether the 
comparability of consistency of the financial statements between periods has been affected 
by a change in accounting principle or by an adjustment to correct a material misstatement in 
previously issued financial statements. 


4.1.1 Acceptability of a Change in Accounting Principle 
When evaluating the acceptability of an accounting change, the auditor should consider whether: 


1. the newly adopted accounting principle is in accordance with the applicable financial 
reporting framework; 


2. the method of accounting for the change is acceptable; 
3. the disclosures related to the accounting change are appropriate and adequate; and 
4. the entity has justified that the alternative accounting principle is preferable. 


If the auditor is satisfied that all four criteria are met, the auditor should include an 
emphasis-of-matter (explanatory) paragraph in the auditors’ report. If any of the criteria are 
not met, the auditor should evaluate whether the accounting change results in a material 
misstatement and modify the auditor's opinion accordingly. 


4.1.2 Examples of Circumstances That Affect Consistency 
The following situations require an emphasis-of-matter (explanatory) paragraph: 


=m Achange in accounting estimate that is inseparable from a change in accounting principle 
(e.g., a change in depreciation method). 


®™ Corrections of an error in accounting principle (e.g., from cash method to accrual method). 


=m Achange in reporting entity that results in financial statements that are, in effect, those of a 
different reporting entity. 


= Correction of a material misstatement in previously issued financial statements. 
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If an entity's financial statements include a significant investment accounted for using the 


equity method, the auditor's evaluation of consistency should include consideration of the 
investee. If the investee makes a change in accounting principle that is material to the investing 
entity, the change should be described in an emphasis-of-matter (explanatory) paragraph. 


Other changes in accounting estimates or corrections of errors (i.e., mathematical mistakes, 
oversights, etc.) do not affect the consistency standard and do not affect the auditor's report. 


4.1.3 Effect of an Acceptable Change on the Auditor's Report 


If the effect of a change in accounting principle is immaterial, no revision to the report is 
necessary. If the effect is material, an emphasis-of-matter (explanatory) paragraph should 
be added. The emphasis-of-matter (explanatory) paragraph should describe the change in 
accounting principle and provide a reference to the entity's disclosure about the change. 


The emphasis-of-matter (explanatory) paragraph should be included in the auditor's report 

in the period of the change in accounting principle and all subsequent periods, until the new 
accounting principle is applied to all periods presented. If the change in accounting principle is 
accounted for by retroactive restatement, the emphasis-of-matter (explanatory) paragraph is 


only needed in the period of the change. 


) 


Summary 


Below is asummary of the different circumstances that require an emphasis-of-matter, 


other-matter, or explanatory paragraph. 


Emphasis- 
Paragraph Type* of-Matter |Other-Matter| Explanatory 
Location Relative to Opinion Paragraph Not specified | Not specified After* 
Material justified change in accounting principle v v 
Change in audit opinion v OR Vv v 
Prior financial statements audited by prior auditor of yf 
and prior auditor's report is not presented 
Comparative financial statements where the current rs Jt 
year is audited and prior period is not audited 


Refer to other information 


Report in separate section 


Required when 
issues with info* 


Report on supplementary information within 
auditor's report 


Report in separate section 


Py a 


Required when 


Refer to required supplementary information Report in separate section 


issues with info* 


Special purpose framework v ¥* 
Restrict use of report v v 
Going concern when substantial doubt is not , ‘ 

‘ Report in separate section v 
alleviated 
Report on compliance in auditor's report v e* 


*Although PCAOB guidelines do not specify the location for the explanatory paragraph for these 
circumstances, the explanatory paragraph is generally placed after the opinion paragraph. 
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Va Pass Key 


Candidates will probably receive questions involving the emphasis-of-matter, other-matter, 
or explanatory paragraphs. It is important to note that the use of such paragraphs still 
represents an unmodified (unqualified) opinion. The additional language is used to 
highlight particular circumstances without modifying the opinion. 
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NOTES 
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Reporting With Different 
Opinions and Other Auditors 


1 Reporting on Comparative Financial Statements 


When comparative financial statements are presented, the auditor's report should refer to each 
period for which financial statements are presented and on which an audit opinion is expressed. 
Because the report date for the audit of the most recent financial statements is used, the auditor 
should update the audit reports on financial statements previously issued. 


Update can mean reaffirm or it can mean change the original opinion as a result of changed 
conditions or information coming to the auditor's attention during the current engagement. If 
comparative information is presented but not covered by the auditor's opinion, the auditor should 
indicate clearly in the auditor's report the character of the auditor's work, if any, and the degree of 
responsibility the auditor is taking. If the auditor is engaged to express an opinion on all periods 
presented, the auditor should consider whether the information included for the prior periods 
contains sufficient detail to constitute fair presentation with the applicable reporting framework. 


1.1. Reporting With Different Opinions 


The auditor's current year report will generally cover all financial statements for all years presented. 
The auditor may express a qualified or adverse opinion, disclaim an opinion, or include an 
emphasis-of-matter, other-matter, or explanatory paragraph with respect to one or more financial 
statements for one or more periods, while expressing a different opinion on one or more financial 
statements of another period presented. Some examples of varying opinions are included below. 


1.1.1 Sample Report: Unmodified Prior Year With Current Year Qualified (Nonissuer) 


Independent Auditor's Report 
[Appropriate Addressee] 
Report on the Audit of Financial Statements 
Qualified Opinion 


We have audited the financial statements of ABC Company, which comprise the balance 
sheets as of December 31, 20X1 and 20X0, and the related statements of income, changes 
in stockholders' equity, and cash flows for the years then ended, and the related notes to 
the financial statements. 


In our opinion, except for the effects on the accompanying 20X1 financial statements of 
not capitalizing certain lease obligations as described in the Basis for Qualified Opinion 
section of our report, the financial statements present fairly, in all material respects, the 
financial position of ABC Company as of December 31, 20X1 and 20X0, and the results of 
its operations and its cash flows for the years then ended in accordance with accounting 
principles generally accepted in the United States of America. 


(continued) 
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(continued) 


Basis for Qualified Opinion 


ABC Company has excluded, from property and debt in the accompanying 20X1 balance 
sheet, certain lease obligations that were entered into in 20X1 that, in our opinion, should 
be capitalized in accordance with accounting principles generally accepted in the United 
States of America. If these lease obligations were capitalized, property would be increased 
by $XXX, long-term debt by $XXX, and retained earnings by $XXX as of December 31, 20X1, 
and net income and earnings per share would be increased (decreased) by $XXX and $XXX, 
respectively, for the year then ended. 


We conducted our audits in accordance with auditing standards generally accepted in the 
United States of America (GAAS). Our responsibilities under those standards are further 
described in the Auditor's Responsibilities for the Audit of the Financial Statements section 
of our report. We are required to be independent of ABC Company and to meet our other 
ethical responsibilities, in accordance with the relevant ethical requirements relating to our 
audit. We believe that the audit evidence we have obtained is sufficient and appropriate to 
provide a basis for our qualified audit opinion on the 20X11 financial statements and for our 
opinion on the 20X0 financial statements. 


Responsibilities of Management for the Financial Statements 
[Same as standard nonissuer audit report] 

Auditor's Responsibilities for the Audit of the Financial Statements 
[Same as standard nonissuer audit report] 

Report on Other Legal and Regulatory Requirements 

[Same as standard nonissuer audit report] 


[Signature of the auditor's firm] 
[City and state where the auditor's report is issued] 
[Date of the auditor's report] 


Sample Report: Unmodified Current Year With Disclaimer 
on Prior Year Statements of Income, Changes in Stockholders’ Equity, 
and Cash Flows (Nonissuer) 


Independent Auditor's Report 
[Appropriate Addressee] 
Report on the Audit of Financial Statements 
Opinion 
We have audited the financial statements of ABC Company, which comprise the balance 
sheets as of December 31, 20X2 and 20X1, and the related statements of income, changes 


in stockholders' equity, and cash flows for the years then ended, and the related notes to 
the financial statements. 


(continued) 
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(continued) 


In our opinion, the accompanying balance sheets of ABC Company as of December 31, 
20X2 and 20X1, and the statements of income, changes in stockholders' equity, and cash 
flows for the year ended December 31, 20X2, present fairly, in all material respects, the 
financial position of ABC Company as of December 31, 20X2 and 20X1, and the results of 
its operations and its cash flows for the year ended December 31, 20X2, in accordance with 
accounting principles generally accepted in the United States of America. 


Disclaimer of Opinion on 20X1 Operations and Cash Flows 


We do not express an opinion on the accompanying results of operations and cash flows 
for the year ended December 31, 20X1. Because of the significance of the matter described 
in the Basis for Disclaimer of Opinion section of our report, we have not been able to obtain 
sufficient appropriate audit evidence to provide a basis for an audit opinion on the results 
of operations and cash flows. 


Basis for Opinion 


We conducted our audits in accordance with auditing standards generally accepted in the 
United States of America (GAAS). Our responsibilities under those standards are further 
described in the Auditor's Responsibilities for the Audit of the Financial Statements section 
of our report. We are required to be independent of ABC Company and to meet our other 
ethical responsibilities, in accordance with the relevant ethical requirements relating to our 
audit. We believe that the audit evidence we have obtained is sufficient and appropriate to 
provide a basis for our audit opinion on the balance sheets as of December 31, 20X2 and 
20X1, and the statements of income, changes in stockholders' equity, and cash flows for the 
year ended December 31, 20X2. 


Basis for Disclaimer of Opinion on 20X1 Operations and Cash Flows 


We did not observe the taking of the physical inventory as of December 31, 20X0, because 
that date was prior to our engagement as auditors for ABC Company, and we were unable 
to satisfy ourselves regarding inventory quantities by means of other auditing procedures. 
Inventory amounts as of December 31, 20X0, enter into the determination of net income 
and cash flows for the year ended December 31, 20X1. 


Responsibilities of Management for the Financial Statements 
[Same as standard nonissuer audit report] 

Auditor's Responsibilities for the Audit of the Financial Statements 
[Same as standard nonissuer audit report] 

Report on Other Legal and Regulatory Requirements 

[Same as standard nonissuer audit report] 


[Signature of the auditor's firm] 
[City and state where the auditor's report is issued] 
[Date of the auditor's report] 
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1.1.3. Sample Report: Unqualified Prior Year Financial Statements 


A1-68 


With Current Year Qualified (Issuer) 


Report of Independent Registered Public Accounting Firm 
To the shareholders and the board of directors of X Company: 
Opinion on the Financial Statements 


We have audited the accompanying balance sheets of X Company (the "Company") as of 
December 31, 20X2 and 20X1, the related statements of income, comprehensive income, 
stockholders' equity, and cash flows for each of the years then ended, and the related notes 
and schedules (collectively referred to as the "financial statements"). In our opinion, except 
for the effects on the 20X2 financial statements of not capitalizing certain lease obligations 
as described in the following paragraph, the financial statements present fairly, in all 
material respects, the financial position of the Company as of December 31, 20X2 and 20X1, 
and the results of its operations and its cash flows for the years then ended in conformity 
with accounting principles generally accepted in the United States of America. 


The Company has excluded, from property and debt in the accompanying 20X2 balance 
sheet, certain lease obligations that were entered into in 20X2 which, in our opinion, 
should be capitalized in order to conform with accounting principles generally accepted in 
the United States of America. If these lease obligations were capitalized, property would 


be increased by $ , long-term debt by $ , and retained earnings by $ 
as of December 31, 20X2, and net income and earnings per share would be increased 
(decreased) by $ and $ , respectively, for the year then ended. 


Basis for Opinion 

[Basis for Opinion paragraph same as standard issuer audit report] 
Critical Audit Matters 

[Critical Audit Matters section same as standard issuer audit report] 
[Signature] 

We have served as the Company's auditor since [year]. 


[City and state or country] 
[Date] 


Sample Report: Unqualified Current Year With Disclaimer 
on Prior Year Statements of Income, Changes in Stockholders’ Equity, 
and Cash Flows (Issuer) 


Report of Independent Registered Public Accounting Firm 
To the shareholders and the board of directors of X Company: 
Opinion on the Financial Statements 


We have audited the accompanying balance sheets of X Company (the "Company") as 

of December 31, 20X2 and 20X1, and the related statements of income, comprehensive 
income, stockholders' equity, and cash flows for the year ended December 31, 20X2, and 
the related notes and schedules (collectively referred to as the "financial statements"). 


(continued) 
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(continued) 


In our opinion, the balance sheets of the Company as of December 31, 20X2 and 20X1, and 
the related statements of income, comprehensive income, stockholders' equity, and cash 
flows for the year ended December 31, 20X2, present fairly, in all material respects, the 
financial position of the Company as of December 31, 20X2 and 20X1, and the results of 

its operations and its cash flows for the year ended December 31, 20X2, in conformity with 
accounting principles generally accepted in the United States of America. Because of the 
matter discussed in the following paragraph, we were not able to obtain sufficient appropriate 
audit evidence to provide a basis for an audit opinion on the results of operations and cash 
flows, and we do not express an opinion on the results of operations and cash flows for the 
year ended December 31, 20X1. 


We did not observe the taking of the physical inventory as of December 31, 20X0, since 

that date was prior to our appointment as auditors for the Company, and we were unable 

to satisfy ourselves regarding inventory quantities by means of other auditing procedures. 
Inventory amounts as of December 31, 20X0, enter into the determination of net income and 
cash flows for the year ended December 31, 20X1. 


Basis for Opinion 
[Same first paragraph under Basis for Opinion as standard issuer audit report] 


Except as explained above, we conducted our audits in accordance with the standards of 
the PCAOB. [Remainder of paragraph same as standard issuer audit report] 


Critical Audit Matters 

[Critical Audit Matters section same as standard issuer audit report] 
[Signature] 

We have served as the Company's auditor since [year]. 

[City and state or country] 

[Date] 


Pass Key 


When the prior year's financial statements were not audited and the current year's 
financial statements are being audited, the auditor is in essence facing a scope limitation. 
The beginning balances may not be ascertainable and therefore a disclaimer of opinion on 
the statements of income, retained earnings, and cash flows may be required. 


1.2 Updating (Changing) Prior Opinions 


If, during the current examination, the auditor becomes aware of evidence that affects the 
prior statements and the opinion that was expressed, the auditor should update the opinion in 
the current year's report. For example, a previous report that was qualified due to a departure 
from the financial reporting framework would no longer be appropriate in the event of 

the restatement of the prior year's financial statements. 
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1.2.1 Format 


If the updated opinion differs from the previous opinion, the auditors should disclose the reason(s) 
in an emphasis-of-matter or other-matter paragraph (nonissuers) or explanatory paragraph 
(issuers) (following the opinion paragraph). The paragraph should disclose the following: 


= Date of the auditor's previous report 
Opinion type previously issued 

Reason for the prior opinion 

Changes that have occurred 

Statement that the "opinion ... is different." 


Pass Key 


Remember, only "DORCS" change their mind. 


1.2.2 Sample Paragraph 


In our report dated March 1, 20X1, we expressed an opinion that the 20X0 financial 
statements did not fairly present the financial position, results of operations, and cash 
flows of ABC Company in accordance with accounting principles generally accepted in 

the United States of America because of two departures from such principles: (1) ABC 
Company carried its property, plant, and equipment at appraisal values, and provided for 
depreciation on the basis of such values; and (2) ABC Company did not provide for deferred 
income taxes with respect to differences between income for financial reporting purposes 
and taxable income. As described in Note X, the Company has changed its method 

of accounting for these items and restated its 20X0 financial statements to conform 
accounting principles generally accepted in the United States of America. Accordingly, our 
present opinion on the restated 20X0 financial statements, as presented herein, is different 
from that expressed in our previous report. 


1.3. Reporting With Predecessor Auditors 


1.3.1 Report of the Predecessor Auditor Presented 


Predecessor auditors may reissue their report on financial statements as long as the report 
is still appropriate. However, the current presentation of the prior period statements or the 
occurrence of subsequent events may make the previous report inappropriate. In deciding 
whether to reissue their report, the predecessor auditors should: 


1. Read the statements for the current period. 
2. Compare the statements audited with the current period statements. 
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3. Obtain a letter of representation from the successor auditor. The representation letter 
should state whether the successor auditor's audit revealed any matters that, in the 
successor auditor's opinion, might have a material effect on, or require disclosure in, the 
statements reported on by the predecessor auditor. 


4. Inquire of and obtain a letter of representation from management at or near the date of 
reissuance. The representation letter should state whether management believes that 
any of the previous management representations need to be modified and whether there 
have been any subsequent events requiring adjustment to or disclosure in the reissued 
financial statements. 


5. Date the report as appropriate: 


e Unrevised: Use the original report date in any reissue of a previous report, because the 
predecessor auditor has limited knowledge of the former client's current status. 


e Revised: Dual date is used in the event that the predecessor auditor revises the report. 
1.3.2 Report of the Predecessor Auditor Not Reissued 


When the successor auditor does not present the predecessor auditor's report, the successor 
auditor should express an opinion on the current period financial statements only and indicate 
in an other-matter paragraph (nonissuer) or explanatory paragraph (issuer): 


1. That the financial statements of the prior period were audited by a predecessor auditor. 
The predecessor auditors should not be named unless the practice of the predecessors was 
acquired by or merged with that of the successor. 


2. The type of opinion expressed by the predecessor auditor and, if the opinion was modified, 
the reasons for the modification. 


3. The nature of any emphasis-of-matter, other-matter, or explanatory paragraph included in 
the predecessor auditor's report. 


4. The date of the predecessor auditor's report. 


1.4 Prior Period Financial Statements Not Audited 


Whenever unaudited financial statements are presented in comparative form with audited 
financial statements, the unaudited financial statements should be clearly marked to indicate 
their status. 


1.4.1 Prior Period Statements Reviewed or Compiled 


When the current period financial statements are audited and presented in comparative form 
with prior period financial statements that were reviewed or compiled, and the report of the 
prior period is not reissued, the auditor should include an other-matter paragraph (nonissuer) or 
explanatory paragraph (issuer) in the auditor's report that includes: 


1. the service (review or compilation) performed in the prior period; 

2. the date of the prior period report; 

3. adescription of any material modifications described in the report; and 
4 


a statement that the service was less in scope than an audit and does not provide the basis 
for expressing an opinion on the financial statements as a whole (review engagement); or 


5. astatement that no opinion or other form of assurance is expressed on the financial 
statements (compilation engagement). 
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1.4.2 Sample Paragraph: Prior Period Review 


The 20X1 financial statements were reviewed by us (other accountants) and our (their) 
report thereon, dated March 1, 20X2, stated we (they) were not aware of any material 
modifications that should be made to those statements for them to be in accordance 

with accounting principles generally accepted in the United States of America. A review is 
substantially less in scope than an audit and does not provide a basis for the expression of 
an opinion on the financial statements taken as a whole. 


1.4.3 Prior Period Statements Not Audited, Reviewed, or Compiled 


If the prior period statements were not audited, reviewed, or compiled, the financial statements 
should be clearly marked, and the auditor's report should include an other-matter paragraph 
(nonissuer) or explanatory paragraph (issuer) to indicate that the auditor did not audit, review, 
or compile the prior period financial statements and that the auditor assumes no responsibility 
for them. 


Note: If unaudited financial statements are presented in comparative form with audited 
financial statements in documents filed with the SEC, such statements should be marked 
"unaudited," but should not be referred to in the auditor's report. 


2 Reporting on Audits of Group Financial Statements 


When an auditor acts as the auditor of group financial statements, the auditor must determine 
whether to make reference to any component auditors in the auditor's report on the group 
financial statements. 


2.1. Definitions 


The following definitions will be helpful to understanding audits of group financial statements: 


= Component: A component is an entity or business activity that prepares financial 
information that is included in the group financial statements. 


= Component Auditor: A component auditor is an auditor who performs work on the 
financial information of a component that will be used as audit evidence for the group audit. 
A component auditor may be part of the group engagement partner's firm, a network firm, 
or another firm. 


= Group Engagement Partner: The group engagement partner (as named by the AICPA)/ 
principal auditor (as named by the PCAOB auditing standards) is the partner or other person 
in the firm who is responsible for the group audit engagement and for the auditor's report 
on the group financial statements. 


= Group Engagement Team: The group engagement team includes the group engagement 
partner, other partners, and staff who establish the overall audit strategy, communicate 
with component auditors, perform work on the consolidation process, and evaluate the 
conclusions drawn from the audit evidence as the basis for forming an opinion on the group 
financial statements. 


= Group Financial Statements: Group financial statements are financial statements that 
include the financial information of more than one component. 
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2.2 Understanding the Component Auditor 


The group engagement team must understand the following for each component auditor: 


m= Whether the component auditor is independent and will comply with all relevant 
ethical requirements. 


=m The professional competence of the component auditor. 


=m The extent to which the group engagement team will be involved in the work of the 
component auditor. 


m Whether the group engagement team will be able to get information needed for the 
consolidation process from the component auditor. 


m= Whether the component auditor operates in a regulatory environment that actively 
oversees auditors. 


Pass Key 


If the component auditor is not independent or the group engagement team has serious 
concerns about any of the matters listed above, the group engagement team should not 
use the work of the component auditor or make reference to the component auditor in the 
auditor's report. 


2.3. Determining Whether to Make Reference 


The auditor should use the understanding of each component auditor to determine whether 
to make reference to the component auditor in the auditor's report. The decision is made 
individually for each component auditor. 


When the group engagement team relies on a component auditor to perform a portion of the 
audit, the group engagement team has two alternatives: 


1. Makeno reference in the audit report; or 


2. Make reference in the audit report. 


2.3.1 Option 1: Make No Reference in the Audit Report 


When the group engagement partner decides to assume responsibility for the work of a 
component auditor, no reference to the component auditor should be made in the auditor's 
report because to do so may cause a reader to misinterpret the degree of responsibility 
being assumed. 


When the group auditor is assuming responsibility for the work of a component auditor, the 
group engagement team should determine the type of work to be performed on the financial 
information of the components. 
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= Significant Components: A significant component is a component that is of individual 
financial significance to the group or is likely to include significant risks of material 
misstatement of the group financial statements. 


e Significant Due to Individual Financial Significance: A component that is significant 
due to individual financial significance should be audited by the group engagement 
team or the component auditor. 


e Significant Due to Significant Risks of Material Misstatement: If a component that 
is significant because it is likely to include significant risks of material misstatement to 
the group financial statements, the group engagement team or a component auditor 
should perform an audit of the financial information; and/or an audit of the account 
balances, transactions or disclosures related to the likely significant risk of material 
misstatement; and/or perform specified procedures related to the likely significant risks 
of material misstatement. 


= Components That Are Not Significant: The group engagement team should perform 
analytical procedures for components that are not significant components. 


2.3.2 Option 2: Make Reference in the Audit Report 


Reference to the component auditor should not be made unless the following two requirements 
are met: 


1. The component auditor has performed an audit in accordance with the relevant 
requirements of GAAS, or when required, the PCAOB. 


2. The component auditor's report is not restricted use. 


When making reference to the component auditor, the auditor's report on the group financial 
statements should clearly indicate [in the Opinion section (nonissuer) or the Opinion on 
Financial Statements and Basis for Opinion sections (issuer)]: 


= That the component was not audited by the auditor of the group statements but was 
audited by the component auditor. 


= The magnitude of the portion of the financial statements audited by the component auditor. 


m= When the component's financial statements are prepared using a different financial 
reporting framework from the group financial statements: 


e — the financial reporting framework used by the component; and 


e that the auditor of the group financial statement is taking responsibility for evaluating 
the appropriateness of the adjustments to convert the component's financial 
statements to the group financial reporting framework. 


m= When the component auditor's report on the component's financial statements does not 
state that the audit was performed in accordance with GAAS or PCAOB standards and 
the group engagement partner has determined that the component auditor performed 
additional procedures to meet the relevant requirements of GAAS: 


e the set of auditing standards used by the component auditor; and 


e that additional audit procedures were performed by the component auditor to meet 
the relevant requirements of GAAS. 
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2.3.3. Modified Opinion Issued by the Component Auditor 


If the opinion of the component auditor is modified or the report includes an 
emphasis-of-matter or other-matter (explanatory) paragraph, the group auditor should 
determine the effect on the auditor's report on the group financial statements. When 
appropriate, the group auditor should modify the opinion on the group financial statements, or 
include an emphasis-of-matter or other-matter (explanatory) paragraph in the auditor's report. 


2.3.4 Sample Report: Referencing the Audit of a Component Auditor (Nonissuer) 


Independent Auditor's Report 
[Appropriate Addressee] 
Opinion 


We have audited the consolidated financial statements of ABC Company and its 
subsidiaries, which comprise the consolidated balance sheets as of December 31, 20X1 and 
20X0, and the related consolidated statements of income, changes in stockholders' equity, 
and cash flows for the years then ended, and the related notes to the financial statements. 


In our opinion, based on our audits and the report of the other auditors, the accompanying 
consolidated financial statements present fairly, in all material respects, the financial 
position of ABC Company and its subsidiaries as of December 31, 20X1 and 20X0, and the 
results of their operations and their cash flows for the years then ended in accordance with 
accounting principles generally accepted in the United States of America. 


We did not audit the financial statements of B Company, a wholly owned subsidiary, whose 
statements reflect total assets constituting 20 percent and 22 percent, respectively, of 
consolidated total assets at December 31, 20X1 and 20X0, and total revenues constituting 
18 percent and 20 percent, respectively, of consolidated total revenues for the years then 
ended. Those statements were audited by other auditors, whose report has been furnished 
to us, and our opinion, insofar as it relates to the amounts included for B Company, is 
based solely on the report of the other auditors. 


Basis for Opinion 

[Same as standard nonissuer audit report] 

Responsibilities of Management for the Financial Statements 
[Same as standard nonissuer audit report] 

Auditor's Responsibilities for the Audit of the Financial Statements 
[Same as standard nonissuer audit report] 

Report on Other Legal and Regulatory Requirements 

[Same as standard nonissuer audit report] 


[Signature of the auditor's firm] 
[City and state where the auditor's report is issued] 
[Date of the auditor's report] 


© Becker Professional Education Corporation. All rights reserved. Module 8 A1-75 


Reporting With Different Opinions and Other Auditors AUD 1 


2.3.5 Sample Report: Referencing the Audit of a Component Auditor (Issuer) 


Report of Independent Registered Public Accounting Firm 
To the shareholders and the board of directors of X Company: 
Opinion on the Financial Statements 


We have audited the accompanying consolidated balance sheets of X Company (the 
"Company") and subsidiaries as of December 31, 20X2 and 20X1, the related statements of 
income, comprehensive income, stockholders’ equity, and cash flows for each of the years 
then ended, and the related notes and schedules (collectively referred to as the "financial 
statements"). In our opinion, based on our audit and the report of the other auditors, the 
consolidated financial statements present fairly, in all material respects, the financial position 
of the Company as of December 31, 20X2 and 20X1, and the results of its operations and 

its cash flows for the years then ended in conformity with accounting principles generally 
accepted in the United States of America. 


We did not audit the financial statements of B Company, a wholly owned subsidiary, which 
statements reflect total assets and revenues constituting 20 percent and 22 percent, 
respectively, of the related consolidated totals. Those statements were audited by other 
auditors whose report has been furnished to us, and our opinion, insofar as it relates to the 
amounts included for B Company, is based solely on the report of the other auditors. 


Basis for Opinion 
[Same as standard issuer report, except for the statement below] 


We believe that our audit and the report of the other auditors provide a reasonable basis 
for our opinion. 


Critical Audit Matters 

[Critical Audit Matters section same as standard issuer audit report] 
[Signature] 

We have served as the Company's auditor since [year]. 

[City and state or country] 

[Date] 
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9 Subsequent Events 


1 Recognition of Subsequent Events 


A subsequent event is an event or transaction that occurs after the balance sheet date but 
before the financial statements are issued or are available to be issued. Subsequent events 
can be divided into two categories—recognized subsequent events and nonrecognized 
subsequent events. 


1.1 Recognized Subsequent Events 


Subsequent events that provide additional information about conditions that existed at the 
balance sheet date. Entities must recognize the effects of all recognized subsequent events 
in the financial statements (for example, by adjusting amounts and/or adding disclosures). 
Examples of recognized subsequent events include: 


= Settlement of Litigation: If litigation that arose before the balance sheet date is settled 
after the balance sheet date but before the date that the financial statements are issued or 
available to be issued, the settlement amount should be considered when determining the 
liability to be reported on the balance sheet date. 


= Loss on an Uncollectible Receivable: The effects of a customer's bankruptcy filing after the 
balance sheet but before the date that the financial statements are issued or available to be 
issued should be considered when determining the amount of the uncollectible receivable 
to be recognized in the financial statements on the balance sheet date. 


1.2 Nonrecognized Subsequent Events 


Subsequent events that provide information about conditions that occurred after the 
balance sheet date and did not exist at the balance sheet date. Entities should not recognize 
nonrecognized subsequent events in the financial statements. 


The following subsequent events occurring after the balance sheet date but before the date the 
financial statements are issued or are available to be issued are considered to be nonrecognized 
subsequent events: 


Sale of bond or capital stock 

Business combination 

Settlement of litigation, if the litigation arose after the balance sheet date 
Loss of plant or inventory due to fire or natural disaster 


Changes in the fair value of assets or liabilities or foreign exchange rates 


Entering into significant commitments or contingent liabilities 
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2 Management's Responsibility for Subsequent Events 


2.1 Subsequent Event Evaluation Period 


Public companies and other entities that intend to widely distribute financial statements must 
evaluate subsequent events through the date that the financial statements are issued. All 
other entities must evaluate subsequent events through the date that the financial statements 
are available to be issued. Financial statements are considered to be issued when they have 
been widely distributed to financial statement users in a form and format that complies with 
GAAP. Financial statements are available to be issued when they are in a form and format that 
complies with GAAP and all approvals for issuance have been obtained. 


2.2  Reissuance of Financial Statements 


When an entity reissues its financial statements, the entity should not recognize events that 
occurred between the date the original financial statements were issued or available to be 
issued and the date that the financial statements were reissued unless an adjustment is 
required by GAAP or other regulatory requirements. 


2.3. Subsequent Event Disclosures 


Nonissuers must disclose the date through which subsequent events have been evaluated, 
including whether that date is the date the financial statements were issued or the date that the 
financial statements were available to be issued. This disclosure is not required for issuers to 
avoid potential conflicts with current SEC guidance. 


A nonrecognized subsequent event should be disclosed if disclosure is necessary to keep 
the financial statements from being misleading. Disclosure should include the nature of the 
subsequent event and an estimate of the financial effect of the event or a statement that no 
estimate can be made. Pro forma financial statements showing the effect of the subsequent 
event if it had occurred on the balance sheet date may also be presented. 


2.4 Revised Financial Statements 


Revised financial statements are financial statements that have been revised to correct an 

error or to reflect the retrospective application of U.S. GAAP. Revised financial statements are 
considered reissued financial statements. A nonissuer should disclose in its revised financial 
statements the dates through which subsequent events have been evaluated in both its issued/ 
available-to-be-issued financial statements and its revised financial statements. This disclosure is 
not required for issuers. 


3. Auditor's Responsibility for Subsequent Events 


The period between the date of the financial statements and the date of the auditor's report is 
called the subsequent period. During this period, the auditor has an active responsibility to 
investigate certain subsequent events. During the subsequent period, the auditor should obtain 
an understanding of the procedures management has established to identify subsequent events 
and should perform the following procedures: 


= Post Balance Sheet Transactions: The auditor should review post balance sheet 
transactions for proper cutoff and to better evaluate year-end balances. 


= Representation Letter: The auditor should obtain a representation letter from 
management (usually the CEO and CFO) regarding whether any events occurred during the 
subsequent period that require adjustments to or disclosure in the financial statements. 
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Inquiry: The auditor should inquire of client's legal counsel concerning litigation, claims, 
and assessments. 


The auditor should also inquire of management and those charged with governance about 
whether any subsequent events have occurred that could affect the financial statements. 
Specific inquiries should be made about the following matters: 


e New commitments, borrowings, or guarantees 

e Sales or acquisitions of assets 

e Increases in capital or issuances of debt 

e Assets appropriated by the government or destroyed 

e Developments regarding contingencies 

e Unusual accounting adjustments 

e Events that call into question the appropriateness of the entity's accounting policies 
e Events relevant to the measurement of estimates or provisions 

e Events relevant to the recoverability of assets 

e Changes to related parties or any significant new related party transactions 
e New significant unusual transactions 


Minutes: The auditor should review the minutes of stockholders, directors, and other 
committee meetings during the subsequent period. 


Examine: The auditor should examine the latest available interim financial statements and 
compare them with the financial statements under audit. 


AUDIT—TIME BUDGET OF 2,000 HOURS 
FACTS: The year-end is Dec. 31, 20X1. The report is due Feb. 15, 20X2. 


DETAIL WORK 

* Confirms of: cash, AR, NR, etc. 
* Cash reconciliations 

* Special account analysis 

¢ Physical inventory observation 
¢ Fixed asset verification 

¢ Tests of sales and payroll 

* Internal control review 


1,600 hrs. 


Year-end inventory observation and 
cutoff tests of cash, AR, inventory, 
AP, sales, etc. 


Client closes 
books 


« Review of subsequent AR collections 

* Follow up on confirm requests 

¢ Search for unrecorded liabilities 

* Subsequent events audit program: 
"PRIME" 


300 hrs. | VGEVE=Tire| 
work 


;~ Dec. 27—Jan. 3 Obtain management representation 


20 hrs. “TB SSaa letter (dated Feb. 10) at last minute 


Jan. 15—-Feb.10 
| Auditor IS responsible 
1 Feb. 10—date of auditor’s report 
Auditor is NOT responsible 
Feb. 15—report issued 
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4 Auditor's Responsibility After the Original Date 
of the Auditor's Report 


The auditor has no active responsibility to make any inquiries or to perform any further auditing 
procedures to discover subsequent events after the original date of the auditor's report except 
as described in the chart below. However, if the auditor becomes aware of any information 
relating to subsequent events before the report release date, the auditor should consider 
whether it is necessary to adjust the financial statements or related disclosures. 


The auditor should extend subsequent event procedures beyond the audit report date for the 
situations identified below. The purpose of these procedures is to identify information that, had 
it been known to the auditor as of the date of the auditor's report, may have caused the auditor 
to revise the auditor's report. 


Situation Extend subsequent procedures to: 
Auditor's report on financial statements is The date of the distribution, circulation, or 
included in an exempt offering document submission of the exempt offering document. 


and the auditor is involved* in the offering. 


Auditor's report is included in a registration The date of or shortly before the effective 
statement. date of the registration statement. 


* Involvement in the offering includes assisting the entity in preparing or reading information in the 
document, issuing a comfort letter, participating in due diligence discussions of the offering, issuing an 
attestation report on information relating to the offering, providing a written agreement to use the auditor's 
report, or updating an auditor's report for inclusion in that document. 


4.1 Auditor Action 


If information that materially affects the report and other persons’ reliance on it is discovered 
(and confirmed by the auditor) after issuance of the report, the auditor should advise the 
client to immediately disclose the new information and its impact on the financial statements 
to persons currently relying on or likely to rely on the financial statements. This may be 
accomplished by: 


=m Advising the client to issue revised financial statements (along with a new audit report) 
describing the reasons for revision. 


m Advising the client to make the necessary disclosures and revisions to any imminent 
financial statements (accompanied by an auditor's report for a subsequent period); or 


= Ifthe effect on the financial statements cannot be determined on a timely basis, providing 
notification that the financial statements and auditor's report should not be relied upon. 
In addition, the client should be advised to discuss with the SEC, stock exchanges, and 
appropriate regulatory agencies (where applicable) the new disclosures or revisions. 


Regardless of which disclosure method above is used, the auditor must become satisfied that 
appropriate steps have been taken by the client. 
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4.2 Report Date 


If adjustments or disclosures are made after the original date of the auditor's report, the auditor 
may dual date the report to extend responsibility only for the particular subsequent event. The 
original date of the report is retained for the rest of the financial statements. 


=m Example of dual dating: "January 21, 20X2, except as to Note 2, which is as of February 3, 20X2." 


=  Fornonissuers, dual dating may occur if adjustments or disclosures are made after the 
original date of the auditor's report. 


= Forissuers, dual dating may occur if disclosures are made after the original date of the 
auditor's report. If adjustments are made to the financial statements without any footnote 
disclosure, the original date of the report should be used. 


Alternatively, a later date may be used for the report, but this extends the auditor's responsibility 
for all subsequent events to this later date. 


4.3 Client Refusal 


If the client refuses to proceed as above, the auditor should notify each member of the board 
of directors of such refusal, and of the fact that the auditor will take additional steps to prevent 
further reliance on the auditor's report and the financial statements. 


Additional steps to prevent further reliance include the following: 


= Notify the client that the auditor's report must no longer be associated with the 
financial statement. 


= Notify, if applicable, any regulatory agencies having jurisdiction over the client that the 
auditor's report should no longer be relied on. 


= Notify persons known to be relying or likely to rely on the financial statements that the 
auditor's report should no longer be relied on. 


Any notification to parties other than the client should be as precise and factual as possible, and 
should contain a description of the effect that the discovered information would have had on 
the auditor's report on the financial statements. 


If the client has refused to cooperate, and as a result the auditors were unable to conduct 

an adequate investigation of the information, the auditors’ disclosure need only state that 
information has come to their attention and that, if the information is true, their report should 
no longer be relied upon. 


The auditors should use their professional judgment in the circumstances described above, and 
it may be advisable to consult legal counsel. 


V4 Pass Key 


If the auditor believes that the financial statements need to be revised to reflect a 
subsequent event and management does not make the revision, the auditor should 
express a qualified or adverse opinion. 
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NOTES 
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Information 


1 Other Information 


Frequently, audited financial statements are incorporated into other documents, such as annual 
reports to shareholders or reports by charitable organizations to the general public. 


Other information includes: 

A report by management or those charged with governance on operations 
Financial summaries or highlights 

Employment data 

Planned capital expenditures 

Financial ratios 

Names of officers and directors 


Selected quarterly data 


Other information does not include press releases or cover letters accompanying the document 
containing the audited financial statements and the auditor's report, information contained in 
analyst briefings, or information contained on the entity's website. 


1.1. Auditor's Responsibility 


Through discussion with management, the auditor must determine and obtain written 
acknowledgment regarding which documents make up the annual report. Generally, an auditor is not 
responsible for determining whether other information in documents containing the audited financial 
statements and the auditor's report is properly stated. However, the auditor should read the other 
information because the credibility of the audited financial statements may be undermined if there 
are material inconsistencies between the audited financial statements and the other information. 

The auditor must consider any material inconsistencies between the other information and the 
financial statements and other knowledge obtained during the audit and respond accordingly. 


1.2 Material Inconsistency 


The document containing the audited financial statements may contain other information 
that is materially inconsistent with the financial statements. If the auditor identifies a material 
inconsistency, the auditor should determine whether the audited financial statements or the 
other information needs to be revised and whether the auditor's understanding of the entity 
and its environment needs to be updated. 


Illustration 1 Material Inconsistency 


If other information shows revenue for Year 1 at $20,000,000 and the audited financial 
statements show revenue for Year 1 at $5,000,000, this is a material inconsistency that 
needs additional attention. 
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1.2.1 Audited Financial Statements Require Revision 


If the audited financial statements require revision for a material inconsistency and 
management refuses to make the revision, the auditor should modify the audit opinion. 


1.2.2 Other Information Requires Revision 


If the other information requires revision for a material inconsistency and management refuses 
to make the revision, the auditor should communicate this matter with those charged with 
governance and: 


= consider the implications for the auditor's report; 
= withhold the use of the report; or 
= withdraw from the engagement and consult with legal counsel. 


1.3. Material Misstatement of Fact 


Other information may include a material misstatement of fact that is unrelated to financial 
statement data. If the auditor becomes aware of a material misstatement of fact after reading 
the other information, the auditor should discuss the matter with management. If management 
refuses to take corrective action, the auditor should request that management consult with 

a qualified third party, such as the entity's legal counsel, and the auditor should consider 

the advice received from the third party in determining whether the matter is a material 
misstatement of fact. When the auditor concludes that there is a material misstatement of fact 
that management refuses to correct, the auditor should notify those charged with governance. 


1.4 Reporting on Other Information 


For the audit of a nonissuer, the auditor should reference the other information in the audit 
report on the financial statements by including a separate section within the auditor's report 
with the heading "Other Information" or another appropriate heading. The section of the audit 
report should contain a reference to the other information and language clarifying the auditor's 
responsibility regarding such information: 


Other Information [Included in the Annual Report] 


Management is responsible for the other information [included in the annual report]. The 
other information comprises the [information included in the annual report] but does not 
include the financial statements and our auditor's report thereon. Our opinion on the 
financial statements does not cover the other information, and we do not express an 
opinion or any form of assurance thereon. 

In connection with our audit of the financial statements, our responsibility is to read 
the other information and consider whether a material inconsistency exists between 
the other information and the financial statements, or the other information otherwise 
appears to be materially misstated. If, based on the work performed, we conclude that 
an uncorrected material misstatement of the other information exists, we are required to 
describe it in our report. 


The auditor of an issuer may choose to include an explanatory paragraph within the auditor's 
report disclaiming an opinion on the other information. 
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2 Reporting on Supplementary Information 


Supplementary information is information presented outside the basic financial statements that 
may be presented in a document containing the audited financial statements or separate from 
the financial statements. 


An auditor may be engaged to report on supplementary information in relation to the financial 
statements as a whole. The auditor has two objectives in such engagements: 


1. To evaluate the presentation of the supplementary information in relation to the 
financial statements as a whole. 


2. To report on whether the supplementary information is fairly stated, in all material respects, 
in relation to the financial statements as a whole. 


2.1 Conditions for Reporting 


In order to issue an opinion on whether the supplementary information is fairly stated in all 
material respects in relation to the financial statements as a whole, the auditor must determine 
that the following five conditions are met: 


1. The information was derived from or relates directly to the information used to prepare the 
financial statements. 


The information relates to the same period as the financial statements. 
The financial statements were audited and the auditor issued an auditor's report. 


Neither an adverse opinion nor a disclaimer of opinion was issued on the 
financial statements. 


5. The supplementary information will accompany the audited financial statements or the 
audited financial statements will be made readily available by the entity. 
2.2 Management Responsibility 


The auditor must obtain an agreement of management that it acknowledges and understands 
its responsibilities to: 


1. prepare the information in accordance with applicable criteria; 
2. provide the auditor with written representations related to the information; 


3. include the auditor's report on the supplementary information in any document that 
contains the information; and 


4. present the information with the audited financial statements or make the audited financial 
statements readily available to the intended users of the supplementary information by the 
issuance date of the supplementary information and auditor's report. 


2.3. Audit Procedures 


In addition to the procedures performed during the audit of the financial statements, the auditor 
should perform the following audit procedures using the same materiality level used in the 
financial statement audit: 


= Inquire of management regarding the purpose of the supplementary information and the 
criteria used to prepare the information. 


= Determine whether the form and content of the information complies with the 
applicable criteria. 
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= Obtain an understanding of the methods used to prepare the information, and any changes 
from the methods used in the prior periods, including the reasons for the changes. 


= Compare and reconcile the information to the audited financial statements and underlying 
accounting records. 


= Inquire regarding any significant assumptions underlying the preparation or presentation of 
the information. 


m= Evaluate the appropriateness and completeness of the information. 
= Obtain written representations from management regarding the information. 


The auditor has no responsibility to consider subsequent events with respect to 
supplementary information. 


PCAOB Standards: Guidance for Issuers 


PCAOB standards include the following additional requirements for audit 
procedures: 


e Evaluate the appropriateness of methods used to prepare the supplemental 
information. If the methods have changed, evaluate the appropriateness of 
such changes. 


e Determine that the supplemental information reconciles to the underlying 
accounting and other records or to the financial statements, as applicable. 


e The auditor generally should use the same materiality considerations as those 
used in planning and performing the audit of the financial statements, except 
if an applicable regulatory requirement specifies a ower materiality level to be 
applied to certain supplemental information. 


PCAOB standards include the following additional requirements for evaluation of 
audit results for supplementary information: 


e The auditor should evaluate whether the supplemental information, including 
its form and content, is fairly stated, in all material respects, in relation to 
the financial statements as a whole, including whether the supplemental 
information is presented in conformity, in all material respects, with the 
relevant regulatory requirements or other applicable criteria. 


e The auditor should accumulate misstatements on the supplemental 
information. These misstatements should be communicated to management 
on a timely basis to provide management with an opportunity to correct them. 


e The auditor should evaluate whether uncorrected misstatements related to the 
supplemental information are material, either individually or in combination 
with other misstatements, taking into account relevant quantitative and 
qualitative factors. The auditor should evaluate the effect of uncorrected 
misstatements related to the supplemental information in evaluating the 
results of the financial statement audit. 


A1-86 Module 10 © Becker Professional Education Corporation. All rights reserved. 


AUD 1 Other Information and Supplementary Information 


2.4 Reporting for Nonissuers 


2.4.1 Presentation of Audit Report 


The auditor's report on the supplementary information may either be presented in a separate 


section in the auditor's report on the financial statements with the heading "Supplementary 
Information" or in a separate report. 


= Sample Supplementary Information Section 


Our audit was conducted for the purpose of forming an opinion on the financial statements 

as a whole. The [identify accompanying supplementary information] is presented for purposes of 
additional analysis and is not a required part of the financial statements. Such information is 
the responsibility of management and was derived from and relates directly to the underlying 
accounting and other records used to prepare the financial statements. The information has 
been subjected to the auditing procedures applied in the audit of the financial statements and 
certain additional procedures, including comparing and reconciling such information directly to 
the underlying accounting and other records used to prepare the financial statements or to the 
financial statements themselves, and other additional procedures in accordance with auditing 
standards generally accepted in the United States of America. In our opinion, the information is 
fairly stated in all material respects in relation to the financial statements as a whole. 


m= Separate Report 


When reporting separately, the report should include a reference to the report on the 
financial statements, the date of that report, the nature of the opinion on the financial 


statements, and any report modifications. The auditor may also consider including an alert 
that restricts the use of the separate report solely to the appropriate specified parties to 
avoid potential misinterpretation or misunderstanding of the supplementary information 


that is not presented with the financial statements. 


The date of the auditor's report should not be earlier than the date that the required 
procedures were completed. 


2.4.2 Forming an Opinion on Supplementary Information 
= Material Misstatement 


If the auditor concludes that the supplementary information is materially misstated in 
relation to the financial statements as a whole and management refuses to revise the 
information, that auditor should: 


e Modify the opinion on the supplementary information (qualified or adverse) and 
describe the misstatement. 


e — If aseparate report is being issued on the supplementary information, withhold the report. 


= Effect of Modifications to the Audit Report on the Financial Statements 


When the auditor expresses a qualified opinion on the financial statements and the basis 


for 


the qualification also applies to the supplemental information, the auditor should describe the 
effects of the qualification on the supplemental information in the report on supplemental 


information and should express a qualified opinion on the supplemental information. 


When the auditor's report on the audited financial statements contains an adverse opinion or a 
disclaimer of opinion and the auditor has been engaged to report on supplementary information, 


the auditor is prohibited from expressing an opinion on the supplementary information. 
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2.5 Reporting for Issuers 


2.5.1 Presentation of Audit Report 


Unless prescribed by regulatory requirements, the auditor may either include the auditor's 
report on the supplemental information as an explanatory paragraph in the auditor's report 
on the financial statements, or issue a separate report on the supplemental information. If the 
auditor issues a separate report on the supplemental information, that report should identify 
the auditor's report on the financial statements. 


The [identify supplemental information] has been subjected to audit procedures performed 
in conjunction with the audit of [Company's] financial statements. The [supplemental 
information] is the responsibility of the Company's management. Our audit procedures 
included determining whether the [supplemental information] reconciles to the financial 
statements or the underlying accounting and other records, as applicable, and performing 
procedures to test the completeness and accuracy of the information presented in the 
[supplemental information]. In forming our opinion on the [supplemental information], 

we evaluated whether the [supplemental information], including its form and content, is 
presented in conformity with [specify the relevant regulatory requirement or other criteria, if 
any]. In our opinion, the [identify supplemental information] is fairly stated, in all material 
respects, in relation to the financial statements as a whole. 


2.5.2 Report Date 


The date of the auditor's report on the supplemental information in relation to the financial 
statements as a whole should not be earlier than: 


1. the date of the auditor's report on the financial statements from which the supplemental 
information was derived; and 


2. the date on which the auditor obtained sufficient appropriate audit evidence to support the 
auditor's opinion on the supplemental information in relation to the financial statements 
as a whole. 


2.5.3 Forming an Opinion on Supplementary Information 
Material Misstatements 


If the auditor determines that the supplemental information is materially misstated in 
relation to the financial statements as a whole, the auditor should describe the material 
misstatement in the auditor's report on the supplemental information and express a 
qualified or adverse opinion on the supplemental information. 


= Inability to Obtain Sufficient Appropriate Audit Evidence 


If the auditor is unable to obtain sufficient appropriate audit evidence to support an 
opinion on the supplemental information, the auditor should disclaim an opinion on the 
supplemental information. In those situations, the auditor's report on the supplemental 
information should describe the reason for the disclaimer and state that the auditor is 
unable to and does not express an opinion on the supplemental information. 
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= Effect of Modifications to the Audit Report on the Financial Statements 


When the auditor expresses a qualified opinion on the financial statements and the 
basis for the qualification also applies to the supplemental information, the auditor 
should describe the effects of the qualification on the supplemental information in the 
report on supplemental information and should express a qualified opinion on the 
supplemental information. 


When the auditor expresses an adverse opinion or disclaims an opinion on the financial 
statements, the auditor should also express an adverse opinion or disclaim an opinion on 
the supplemental information, as appropriate. 


3 Required Supplementary Information 


Certain entities are required by a designated standard setter to prepare specific information that 
is supplementary to the basic financial statements. In the absence of any separate requirement 
particular to the engagement, the auditor's opinion on the financial statements does not cover 
the required supplementary information. 


3.1 Required Procedures 


The auditor should perform the following procedures on required supplementary information: 


1. Inquire of management about the methods used to prepare the required supplementary 
information, including whether it was prepared in accordance with prescribed guidance, 
whether there were changes in the methods used from prior years and reasons for those 
changes, and whether there were any significant assumptions underlying the measurement 
or presentation of the required information. 


2. Determine if the supplementary information is consistent with management's responses, 
audited financial statements, and other knowledge. 


3. Obtain written management representations regarding the required 
supplementary information. 


If the auditor is unable to perform these procedures due to difficulties in dealing with 
management, the auditor should inform those charged with governance. 


3.2 Reporting on Supplementary Information 


3.2.1 Separate "Required Supplementary Information" Section (Nonissuer) 


The audit report for nonissuers on the financial statements should include a separate section 
in the auditor's report on the financial statements with language to explain the following 
circumstances, as applicable: 


= the required supplementary information is included and the auditor has applied the 
required procedures; 


=m the required supplementary information is omitted; 


= some required supplementary information is missing and some is presented in accordance 
with the prescribed guidelines; 


= the auditor has identified material departures from the prescribed guidelines; 
= the auditor is not able to complete the required procedures; or 


m there are unresolved doubts about conformance of required supplementary information. 
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This separate section should include a statement that the required supplementary information 
is the responsibility of management and that the auditor does not express an opinion on such 
information. If the auditor determines that the required information has not been presented 
as prescribed, and management refuses to make revisions, the auditor should describe 

the departure. 


PCAOB Standards: Guidance for Issuers 


PCAOB standards do not require the auditor to add an explanatory paragraph to 
the audited financial statements to refer to the supplementary information or to 
his or her limited procedures, except if: 


e the required information is omitted; 
e there are material departures from the prescribed guidelines; 
e the auditor is unable to complete prescribed procedures; or 


e there are unresolved doubts about conformance of required supplementary 
information. 


3.2.2 Opinion Permitted 


An auditor is not required to audit required supplementary information. However, a client may 
engage the auditor to report on whether required supplementary information is fairly stated, in 
all material respects, in relation to the financial statements as a whole. 


A1-90 Module 10 © Becker Professional Education Corporation. All rights reserved. 


MODULE 


Special Purpose 
Frameworks 


1 Special Purpose Frameworks 


Normally, financial statements are prepared using a general purpose framework such as U.S. 
GAAP or IFRS, but special purpose frameworks can also be used by nonissuers (issuers must 
follow the required general purpose framework). 


1.1. Types of Special Purpose Frameworks 


A special purpose framework is a financial reporting framework other than GAAP that is one of 
the following bases of accounting: 


= Cash Basis: A basis of accounting that the entity uses to record cash receipts and 
disbursements and modifications of the cash basis having substantial support, such as 
recording depreciation on fixed assets. 


= Tax Basis: A basis of accounting that the entity uses to file its income tax return for the 
period covered by the financial statements. 


= Regulatory Basis: A basis of accounting used to comply with the requirements or financial 
reporting provisions of a regulatory agency having jurisdiction over the reporting entity. 


= Contractual Basis: A basis of accounting that the entity uses to comply with an agreement 
between the entity and one or more third parties other than the auditor. 


= Other Basis: A basis of accounting that uses a definite set of logical, reasonable criteria that 
is applied to all material items appearing in financial statements. 


1.2 Additional Requirements for the Auditor 


When applying auditing standards to an audit of financial statements prepared in accordance 
with a special purpose framework, the auditor should: 


= Obtain an understanding of: 
e The purpose for which the financial statements are prepared. 
e The intended users. 


e The steps taken by management to determine that the applicable financial reporting 
framework is acceptable in the circumstances. 


= Obtain the agreement of management that it acknowledges and understands its 
responsibility to include all informative disclosures that are appropriate for the special 
purpose framework, including: 


e Adescription of the special purpose framework, including a summary of significant 
accounting policies and how the framework differs from GAAP. 


e Informative disclosures similar to GAAP when the special purpose framework contains 
items that are the same as or similar to those in GAAP financial statements. 


© Becker Professional Education Corporation. All rights reserved. Module 11 A1-91 


Special Purpose Frameworks 


AUD 1 


e  Adescription of any significant interpretations of the contract on which the special 
purpose financial statements are based, when the financial statements are prepared in 
accordance with a contractual basis of accounting. 


e Additional disclosures beyond those required by the framework, if needed to achieve 
fair presentation. 


= Obtain an understanding of any significant interpretations of the contract that management 
made in the preparation of the financial statements, when special purpose financial 


statements are prepared in accordance with a contractual basis of accounting. 


= Evaluate whether or not there is substantial doubt about the entity's ability to continue as a going 
concern and the adequacy of any related disclosures, regardless of whether the going concern 
basis of accounting is relevant to the preparation of the special purpose financial statements. 


2 Auditor's Report on Special Purpose Financial Statements 


Special purpose frameworks have additional requirements of elements that must be included 
in the audit report. These additional elements depend on the particular special purpose 
framework. Below is a chart that provides an overview of the reporting requirements for special 
purpose frameworks for nonissuers: 


Special Purpose Frameworks: Overview of Reporting Requirements 


Regulatory 
Regulatory Basis Contractual 
Cash Basis Tax Basis Basis (General Use) Basis Other Basis 
Dual opinion 
Single Single Single orvspeclal Single : Bs 
as oa ie purpose ee Single opinion 
opinion opinion opinion fcaraewark opinion on special 
Opinion(s) on special | onspecial | on special on special 
and generally purpose 
purpose purpose purpose purpose 
accepted framework 
framework | framework | framework : framework 
accounting 
principles 
Description of Ves ifthe 
purpose for which : : 
; financial 
special purpose No No Yes Yes Yes 
; ; statements 
financial statements ; 
are restricted 
are prepared 
Emphasis-of-matter 
paragraph alerting 
readers about the 
preparation in Yes Yes Yes No Yes Yes 
accordance with 
a special purpose 
framework 
Yes, if 
Other-matter measurement 
paragraph or disclosure 
restricting the use No No Yes No Yes criteria is 
of the auditor's suitable only 
report for specific 
users 
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a Pass Key 


The cash, tax, and regulatory bases of accounting are commonly referred to as other 
comprehensive bases of accounting. 


2.1. Differences From Standard Auditor's Report 


The following items are the significant differences between the standard nonissuer auditor's 
report and a report on special purpose financial statements. 


2.1.1 Describe the Purpose of the Financial Statements 


If required, the auditor's report should describe the purpose for which the financial statements 
were prepared or refer to a note that contains that information. 


2.1.2 Non-GAAP Titles 


Special purpose statements should be suitably titled. Terms such as balance sheet, statement 
of financial position, statement of income, statement of operations, and statement of cash 
flows, or similar unmodified titles, are generally understood to be applicable only to financial 
statements that are intended to present financial position, results of operations, or cash flows in 
accordance with GAAP. Examples of suitably titled special purpose financial statements include 
the following: 


=m Balance sheet—cash basis 

Statement of assets and liabilities arising from cash transactions—cash basis 
Statement of assets, liabilities, and stockholders' equity—income tax basis 
Statement of revenue collected and expenses paid—cash basis 

Statement of revenue and expenses—income tax basis 


Statement of income—regulatory basis 


Statement of operations—income tax basis 


2.1.3. Management Responsibility Paragraph 


When management has a choice of financial reporting frameworks, the explanation of 
management's responsibility for the financial statements should also make reference to its 
responsibility for determining that the applicable financial reporting framework is acceptable in 
the circumstances. 


2.1.4 Emphasis-of-Matter Paragraph 
If required, the auditor's report should include an emphasis-of-matter paragraph that: 


=m Indicates that the financial statements are prepared in accordance with the applicable 
special purpose framework. 


= Refers to the note to the financial statements that describes that framework. 
m States that the special purpose framework is a basis of accounting other than GAAP. 


=m States that the financial statements may not be suitable for any purpose other than the 
stated purpose (when the purpose is required to be described). 
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2.1.5 Other-Matter Paragraph 


If required, the auditor's report should include an other-matter paragraph that restricts the use 
of the auditor's report to those within the entity, the parties to the contract or agreement, or the 
regulatory agencies to which the entity is subject. 


Our report is intended solely for the information and use of the board of directors and 
management of ABC Company and [name of regulatory agency] and is not intended to be 
and should not be used by anyone other than these specified parties. 


2.1.6 Regulatory Basis Financial Statements Intended for General Use 


If the special purpose financial statements are prepared in accordance with a regulatory 
basis and intended for general use, the auditor should not include an emphasis-of-matter or 
other-matter paragraph. Instead, the auditor should express an opinion about whether the 
financial statements are: 


= Fairly presented, in all material respects, in accordance with GAAP. 


m= Prepared in accordance with the special purpose framework. 


2.1.7 Auditor's Report Prescribed by Law or Regulation 


If the auditor is required by law or regulation to use a specific layout, form, or wording of the 
auditor's report, the auditor's report should refer to GAAS only if the auditor's report includes, at 
a minimum, each of the elements listed below. If the prescribed specific layout, form, or wording 
of the auditor's report is not acceptable or would cause the auditor to make a statement that the 
auditor has no basis to make, the auditor should reword the prescribed form of report or attach 
an appropriately worded separate report. 


2.2 Reports on Special Purpose Financial Statements 


A report on special purpose financial statements should, at a minimum, include each of the 
following elements: 


= Atitle that clearly states that it is the report of an independent auditor. 
=m An addressee. 


= An opinion section that identifies the special purpose financial statements that have been 
audited, an expression of opinion on the statements, and a reference to the special purpose 
framework used to prepare the financial statements. 


= Adescription of the purpose for which the financial statements are prepared when required. 


= Astatement that the auditor is required to be independent and to meet all other relevant 
ethical requirements. 


= If applicable, a section that addresses the reporting requirements. 


= Adescription of management's responsibility for the preparation and fair presentation 
of the special purpose financial statements and for determining the applicable financial 
reporting framework is acceptable, when required. 


= If applicable, a reference to the law or regulation and a description of the auditor's 
responsibilities for an audit of the financial statements. 
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= If applicable, a section that addresses the reporting requirements related to other 
information included within the report. 


= Anemphasis-of-matter paragraph that, when required: 


e Indicates that financial statements are prepared in accordance with a special 
purpose framework. 


e Refers to the note in the financial statements that describes the framework. 
e States that the special purpose framework is a basis of accounting other than GAAP. 


e When a description of the purpose for which the financial statements are prepared (or 
a reference to a note with such information) is required, a statement that the financial 
statements may not be suitable for another purpose. 


An other-matter paragraph that restricts the use of the auditor's report, when required. 
The signature of the auditor's firm. 


The city and state where the auditor's report is issued. 


The date of the auditor's report. 


2.2.1 Sample Report: Cash Basis of Accounting (Nonissuer) 
The following report would be issued when circumstances include the following: 


= The financial statements have been prepared by management of the entity in accordance 
with the cash basis of accounting. 


=m Management has a choice of financial reporting frameworks. 


Independent Auditor's Report 
[Appropriate Addressee] 
Report on the Audit of Financial Statements 
Opinion 
We have audited the financial statements of ABC Partnership, which comprise the 
statement of assets and liabilities arising from cash transactions as of December 31, 20X1, 


and the related statement of revenue collected and expenses paid for the year then ended, 
and the related notes to the financial statements. 


In our opinion, the accompanying financial statements present fairly, in all material 
respects, the assets and liabilities arising from cash transactions of ABC Partnership as 
of December 31, 20X1, and its revenue collected and expenses paid during the year then 
ended in accordance with the cash basis of accounting described in Note X. 


Basis for Opinion 


We conducted our audit in accordance with auditing standards generally accepted in the 
United States of America (GAAS). Our responsibilities under those standards are further 
described in the Auditor's Responsibilities for the Audit of the Financial Statements 
section of our report. We are required to be independent of ABC Partnership, and to meet 
our other ethical responsibilities, in accordance with the relevant ethical requirements 
relating to our audit. We believe that the audit evidence we have obtained is sufficient and 
appropriate to provide a basis for our audit opinion. 


(continued) 
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(continued) 


Emphasis of Matter—Basis of Accounting 


We draw attention to Note X of the financial statements, which describes the basis of 
accounting. The financial statements are prepared on the cash basis of accounting, which 
is a basis of accounting other than accounting principles generally accepted in the United 
States of America. Our opinion is not modified with respect to this matter. 


Responsibilities of Management for the Financial Statements 


Management is responsible for the preparation and fair presentation of the financial 
statements in accordance with the cash basis of accounting described in Note X, and for 
determining that the cash basis of accounting is an acceptable basis for the preparation 
of the financial statements in the circumstances. Management is also responsible for the 
design, implementation, and maintenance of internal control relevant to the preparation 
and fair presentation of financial statements that are free from material misstatement, 
whether due to fraud or error. 


Auditor's Responsibilities for the Audit of the Financial Statements 


Our objectives are to obtain reasonable assurance about whether the financial statements 
as a whole are free from material misstatement, whether due to fraud or error, and to 
issue an auditor's report that includes our opinion. Reasonable assurance is a high level 

of assurance but is not absolute assurance and therefore is not a guarantee that an audit 
conducted in accordance with GAAS will always detect a material misstatement when it 
exists. The risk of not detecting a material misstatement resulting from fraud is higher than 
for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, 
misrepresentations, or the override of internal control. Misstatements are considered 
material if there is a substantial likelihood that, individually or in the aggregate, they would 
influence the judgment made by a reasonable user based on the financial statements. 


In performing an audit in accordance with GAAS, we: 


e Exercise professional judgment and maintain professional skepticism throughout 
the audit. 


e Identify and assess the risks of material misstatement of the financial statements, 
whether due to fraud or error, and design and perform audit procedures responsive to 
those risks. Such procedures include examining, on a test basis, evidence regarding the 
amounts and disclosures in the financial statements. 


© Obtain an understanding of internal control relevant to the audit in order to design 
audit procedures that are appropriate in the circumstances, but not for the purpose 
of expressing an opinion on the effectiveness of ABC Partnership's internal control. 
Accordingly, no such opinion is expressed. 


© Evaluate the appropriateness of accounting policies used and the reasonableness of 
significant accounting estimates made by management, as well as evaluate the overall 
presentation of the financial statements. 


© Conclude whether, in our judgment, there are conditions or events, considered in the 
aggregate, that raise substantial doubt about ABC Partnership's ability to continue as a 
going concern for a reasonable period of time. 


(continued) 
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(continued) 


We are required to communicate with those charged with governance regarding, among 
other matters, the planned scope and timing of the audit, significant audit findings, and 
certain internal control-related matters that we identified during the audit. 


Report on Other Legal and Regulatory Requirements 


[The form and content of this section of the auditor's report would vary depending on the nature 
of the auditor's other reporting responsibilities. ] 


[Signature of the auditor's firm] 
[City and state where the auditor's report is issued] 
[Date of the auditor's report] 


2.2.2. Sample Report: Regulatory Basis of Accounting (Nonissuer) 


The following report would be issued when circumstances include the following: 
= The financial statements and auditor's report are intended for general use. 


= The financial statements have been prepared by management of the entity in accordance 
with financial reporting provisions established by a regulatory agency. 


= Based on the regulatory requirements, management does not have a choice of financial 
reporting frameworks. 


=m The variances between the regulatory basis of accounting and accounting principles 
generally accepted in the United States of America (U.S. GAAP) are not reasonably 
determinable and are presumed to be material. 


Independent Auditor's Report 
[Appropriate Addressee] 


Report on the Audit of Financial Statements 
Opinions 


We have audited the financial statements of ABC Government Authority, which comprise 
the statement of net position—regulatory basis as of December 31, 20X1, and the related 
statements of revenues, expenses, and changes in net position—regulatory basis and cash 
flows—regulatory basis for the year then ended, and the related notes to the financial 
statements. 


Unmodified Opinion on Regulatory Basis of Accounting 


In our opinion, the accompanying financial statements present fairly, in all material 
respects, the regulatory basis net position of ABC Government Authority as of December 
31, 20X1, and the regulatory basis revenues, expenses, and changes in net position and 
regulatory basis cash flows thereof for the year then ended in accordance with the financial 
reporting provisions of Section Y of Regulation Z of Any State Statutes described in Note X. 


(continued) 
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(continued) 


Adverse Opinion on U.S. Generally Accepted Accounting Principles 


In our opinion, because of the significance of the matter discussed in the Basis for 
Adverse Opinion on U.S. Generally Accepted Accounting Principles section of our report, 
the financial statements do not present fairly, in accordance with accounting principles 
generally accepted in the United States of America, the financial position of ABC 
Government Authority as of December 31, 20X1, or the changes in net position and cash 
flows thereof for the year then ended. 


Basis for Opinions 


We conducted our audit in accordance with auditing standards generally accepted in the 
United States of America (GAAS). Our responsibilities under those standards are further 
described in the Auditor's Responsibilities for the Audit of the Financial Statements 
section of our report. We are required to be independent of ABC Government Authority, 
and to meet our other ethical responsibilities, in accordance with the relevant ethical 
requirements relating to our audit. We believe that the audit evidence we have obtained is 
sufficient and appropriate to provide a basis for our audit opinions. 


Basis for Adverse Opinion on U.S. Generally Accepted Accounting Principles 


As described in Note X of the financial statements, the financial statements are prepared 
by ABC Government Authority on the basis of the financial reporting provisions of Section Y 
of Regulation Z of Any State Statutes, which is a basis of accounting other than accounting 
principles generally accepted in the United States of America, to meet the requirements 

of Any State Statutes. The effects on the financial statements of the variances between 

the regulatory basis of accounting described in Note X and accounting principles generally 
accepted in the United States of America, although not reasonably determinable, are 
presumed to be material and pervasive. 


Responsibilities of Management for the Financial Statements 


Management is responsible for the preparation and fair presentation of the financial 
statements in accordance with the financial reporting provisions of Section Y of Regulation Z 
of Any State Statutes. Management is also responsible for the design, implementation, and 
maintenance of internal control relevant to the preparation and fair presentation of financial 
statements that are free from material misstatement, whether due to fraud or error. 


Auditor's Responsibilities for the Audit of the Financial Statements 


Our objectives are to obtain reasonable assurance about whether the financial statements 
as a whole are free from material misstatement, whether due to fraud or error, and to 
issue an auditor's report that includes our opinion. Reasonable assurance is a high level 

of assurance but is not absolute assurance and therefore is not a guarantee that an audit 
conducted in accordance with GAAS will always detect a material misstatement when it 
exists. The risk of not detecting a material misstatement resulting from fraud is higher than 
for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, 
misrepresentations, or the override of internal control. Misstatements are considered 
material if there is a substantial likelihood that, individually or in the aggregate, they would 
influence the judgment made by a reasonable user based on the financial statements. 


(continued) 
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In performing an audit in accordance with GAAS, we: 


© Exercise professional judgment and maintain professional skepticism throughout 
the audit. 


© Identify and assess the risks of material misstatement of the financial statements, 
whether due to fraud or error, and design and perform audit procedures responsive to 
those risks. Such procedures include examining, on a test basis, evidence regarding the 
amounts and disclosures in the financial statements. 


© Obtain an understanding of internal control relevant to the audit in order to design 
audit procedures that are appropriate in the circumstances, but not for the purpose 
of expressing an opinion on the effectiveness of ABC Government Authority's internal 
control. Accordingly, no such opinion is expressed. 


© Evaluate the appropriateness of accounting policies used and the reasonableness of 
significant accounting estimates made by management, as well as evaluate the overall 
presentation of the financial statements. 


© Conclude whether, in our judgment, there are conditions or events, considered in the 
aggregate, that raise substantial doubt about ABC Government Authority's ability to 
continue as a going concern for a reasonable period of time. 


We are required to communicate with those charged with governance regarding, among 
other matters, the planned scope and timing of the audit, significant audit findings, and 
certain internal control-related matters that we identified during the audit. 


Report on Other Legal and Regulatory Requirements 


[Form and content of this section of the auditor's report will vary depending on the nature of the 
auditor's other reporting responsibilities. ] 


[Signature of the auditor's firm] 
[City and state where the auditor's report is issued] 
[Date of the auditor's report] 
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Engagement 
Acceptance and Terms 


1 ‘Those Charged With Governance 


The auditor is responsible for agreeing with management, and when appropriate, those 
charged with governance on the terms of the audit engagement. This includes confirming that 
certain preconditions for an audit, for which management and those charged with governance 
are responsible, are present. Management represents the individual or group of individuals 
that are responsible for the conduct of the entity's operations. The term "those charged with 
governance" refers to those who bear responsibility for overseeing the obligations and strategic 
direction of an entity, including the financial reporting process. This term is broadly interpreted 
to encompass the terms "board of directors" and "audit committee." 


1.1 Governance Structure 

Those charged with governance may include: 

= Members of the entity's legal structure, such as company directors. 
= Parties external to the entity, such as certain government agencies. 


= Acollective group of people such as a board of directors or audit committee, or a single 
person, such as an owner-manager. 


= Personnel who also have management responsibilities. 


1.2 Audit Committees 


An audit committee is a committee of the board of directors, generally made up of three to five 
members of the board who are "outside directors." Outside directors are individuals who are 
neither employees nor part of management and who do not have a material financial interest in 
the company. An audit committee is generally a subgroup of those charged with governance. 


1.2.1 Purpose of an Audit Committee 
Many companies have established audit committees because: 


m The SEC has strongly recommended this action, and the New York Stock Exchange requires 
all companies listed on the exchange to have audit committees. 


= Many large accounting firms and leading accountants in the country have strongly 
supported the formation of audit committees. 


=m The use of audit committees tends to strengthen the public's sense of the independence of 
the public accountant. 
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1.2.2 Specific Functions of Audit Committees 


The main function of an audit committee is to enhance the system of internal control by creating 
a means of direct communication between the "outside directors" and the independent auditor. 
An audit committee is considered to be part of the system of the internal control. The audit 
committee typically: 


Selects and appoints the independent auditor and sets the audit fee. 

Assures that the auditor is independent of the company. 

Reviews the nature and details of the audit engagement. 

Reviews the quality of the auditor's work. 

Reviews the scope of the audit. 

Ensures that any recommendations made by the auditor are given proper attention. 


Maintains lines of communication between the auditor and the board of directors. 


Helps solve any disagreements related to the accounting treatment of any material items in 
the financial statements. 


= Evaluates the system of internal control of the company with the help of the 
independent auditor. 


=m Makes reports to the board of directors and the stockholders when necessary. 


1.2.3 Communication With the Audit Committee 


Communication with the audit committee is a key element in the auditor's communication with 
those charged with governance. The auditor should: 


= Have appropriate access to the audit committee periodically. 
= Meet with the audit committee without management present at least once each year. 


= Consider whether communication with the audit committee is sufficient or whether there is 
also a need to communicate with others charged with governance. 


1.2.4 Sarbanes-Oxley Requirements 


The Sarbanes-Oxley Act, which applies to issuers, requires the audit committee to approve 
the engagement of the auditor, to preapprove the services to be performed (certain non-audit 
services are prohibited), and to have ongoing communications with the auditor. In effect, 
auditors of issuers report to and are overseen by the audit committee, not by management. 


1.2.5 Timing of Auditor Appointment 


Although early appointment of the auditor allows the auditor to plan a more efficient audit, 

an auditor is permitted to accept an engagement near or after year-end. The auditor should 
consider whether late appointment will pose limitations on the audit that may lead to a qualified 
opinion or a disclaimer of opinion and should discuss such concerns with the client. 
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2 Client Acceptance and Continuance 


As part of the pre-acceptance phase of the engagement, the auditor should consider and 
document compliance with the firm's quality control policies and procedures related to client 
acceptance and continuance. Specifically, the auditor should assess the following: 


= Firm's Ability to Meet Reporting Deadlines 


A firm should not accept or continue a client relationship unless the firm believes that it has 
the ability to perform the engagement within reporting deadlines. The firm's ability to meet 
reporting deadlines is affected by many factors, including the timing and complexity of the 
engagement and the availability of audit staff. 


= Firm's Ability to Staff the Engagement 


The firm must have personnel with both the experience and availability to meet staffing 
and supervision requirements. It may be more difficult to staff an engagement during "busy 
season" than at other times of the year. 


= Independence 


Independence is required for all audit engagements. Before accepting or continuing a 
client relationship when independence is required to be maintained, the firm must ensure 
that it is in fact independent of the client and that it will be able to maintain independence 
throughout the engagement. 


= Integrity of Client Management 


The likelihood of financial statement misrepresentation increases when the client's 
management lacks integrity. The audit firm should minimize the likelihood of association 
with a client whose management lacks integrity by considering the reputation of the client, 
its owners, key management, related parties, those charged with governance, the nature 
of the client's operations, and the client's overall attitude toward matters such as internal 
controls and the aggressive application of accounting principles. 


= Group Audits 


The group engagement partner should evaluate whether the group engagement team will be 
able to obtain sufficient appropriate audit evidence through the group engagement team's work 
or the work of component auditors to act as the auditor of the group financial statements. 


3. ~s~Preconditions for an Audit 


Before accepting an audit engagement with a new or existing audit client, the auditor should 
establish that the preconditions for an audit are present. If the preconditions for an audit are 
not present, the auditor should not accept the proposed engagement, unless the auditor is 
required by law or regulation to do so. 


3.1 Applicable Financial Reporting Framework 


The auditor should determine whether the financial reporting framework used by the client is 
acceptable. Factors related to the acceptability of the financial reporting framework include: 


=m The nature of the entity (e.g., business, government, or not-for-profit) 


= The purpose of the financial statements (e.g., wide or narrow range of users) 
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=m The nature of the financial statements (e.g., complete set or single financial statement) 


m= Whether law or regulation prescribes the framework 


3.2 Management Responsibilities 


The auditor should obtain the agreement of management that it acknowledges and understands 
its responsibility: 


1. for the preparation and fair presentation of the financial statements in accordance with the 
applicable financial reporting framework; 


2. for the design, implementation, and maintenance of internal control relevant to the 
preparation and fair presentation of financial statements that are free from material 
misstatement, whether due to fraud or error; and 


3. to provide the auditor with: 


e access to all information of which management is aware that is relevant to the 
preparation and fair presentation of the financial statements; 


e additional information that the auditor may request from management for the purpose 
of the audit; and 


e unrestricted access to persons within the entity from whom the auditor determines it is 
necessary to obtain audit evidence. 


3.3. Other Preconditions for ERISA Plan Financial Statements Audit 


3.3.1 Management Responsibilities 


When conducting an ERISA Plan financial statement audit, in addition to the preconditions for 
an audit (AU-C section 210), the auditor should obtain the agreement of management that it 
acknowledges and understands its responsibility for the following: 


= Maintaining a current plan instrument, including all plan amendments. 


= Administering the plan and determining that the plan's transactions that are presented 
and disclosed in the ERISA plan financial statements are in conformity with the plan's 
provisions, including maintaining sufficient records with respect to each of the participants 
to determine the benefits due or which may become due to such participants. 


m When management elects to have an ERISA Section 103(a)(3)(C) audit, determining whether: 
e an ERISA Section 103(a)(3)(C) audit is permissible under the circumstances; 
e the investment information is prepared and certified by a qualified institution; 


e the certification meets the requirements in 29 CFR 2520.103-5 of the Department of 
Labor's Rules and Regulations for Reporting and Disclosure under ERISA (qualified 
institution); and 


e the certified investment information is appropriately measured, presented, and 
disclosed in accordance with the applicable financial reporting framework. 
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3.3.2 Auditor Responsibilities 


The auditor should also obtain the agreement of management or those charged with 
governance to: 


= Provide to the auditor, prior to the dating of the auditor's report, a draft of Form 5500 that is 
substantially complete, including: 


e the certification meets the requirements in of the Department of Labor's Rules and 
Regulations for Reporting and Disclosure under ERISA (qualified institution); and 


e the forms and schedules that could have a material effect, involving both qualitative 
and quantitative considerations, on the information in the financial statements and 
ERISA-required supplemental schedules. 


m When management elects to have an ERISA Section 103(a)(3)(C) audit, the auditor should: 


e Inquire of management about how management determined that the entity preparing 
and certifying the investment information is a qualified institution. 


3.4 Management-Imposed Scope Limitation 


The auditor should not accept an engagement if, prior to engagement acceptance, management 
or those charged with governance impose a scope limitation that will result in the auditor 
disclaiming an opinion on the financial statements as a whole. 


3.4.1 Audit Required by Law or Regulation 


If the entity is required by law or regulation to have an audit, and a disclaimer of opinion is 
acceptable, such as in the audit of an employee benefit plan, the auditor is permitted, but not 
required, to accept the engagement when there is a management-imposed scope limitation. 


When the auditor's report on the audited ERISA plan financial statements contains an adverse 
opinion or a disclaimer of opinion, the auditor is precluded from expressing an opinion on the 
ERISA-required supplemental schedules. 


=m When permitted by law or regulation, the auditor may withdraw from the engagement to 
report on the ERISA-required supplemental schedules. 


=m Ifthe auditor does not withdraw, the reporting on whether supplementary information 
is fairly stated, in all material respects, in relation to the financial statements as a whole, 
should be replaced with the following: 


e If the auditor's report contains an adverse opinion, a statement that the audit was 
conducted for the purpose of forming an opinion on the financial statements as a 
whole; or 


e If the auditor's report contains a disclaimer of opinion, a statement that the auditor was 
engaged for the purpose of forming an opinion on the financial statements as a whole. 


e  Astatement that the supplemental schedules are presented for the purposes of 
additional analysis and are not a required part of the financial statements but are 
supplementary information required by the DOL's Rules and Regulations for Reporting 
and Disclosure under ERISA. 


e Astatement that because of the significance of the matter described in the auditor's 
report, it is inappropriate to, and the auditor does not, express an opinion on the 
supplemental schedules. 
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When performing a limited-scope audit, previous audit standards required the auditor to issue 
a disclaimer of opinion because the certified investment information was not audited. Under 
SAS 136, limited-scope audits will now be referred to as "ERISA Section 103(a)(3)(C)" and are 

no longer considered a scope limitation but rather it permits the auditor to issue a form of an 
unmodified opinion. 


= The auditor will not disclaim an opinion, but will instead provide a new, two-pronged 
opinion unique to ERISA employee benefit plan audits stating: 


e The amounts and disclosures in the ERISA plan financial statements that are not 
covered by the certification are presented fairly in accordance with the applicable 
financial reporting framework. 


e The investment information in the ERISA plan financial statements related to the 
certified investment information agrees to or is derived from the certified investment 
information provided by a qualified institution. 


When management elects to have an ERISA Section 103(a)(3)(C) audit, and the auditor's report 
contains an adverse opinion or a disclaimer of opinion, the auditor is precluded from expressing 
an opinion on the supplemental schedules. 


m When permitted by law or regulation, the auditor may withdraw from the engagement to 
report on the ERISA-required supplemental schedules. 


= Ifthe auditor does not withdraw, the auditor should include an other-matter paragraph in 
the ERISA Section 103(a)(3(C) audit report: 


e Astatement that the supplemental schedules are presented for the purposes of 
additional analysis and are not a required part of the financial statements but 
are supplementary information required by the Department of Labor's Rules and 
Regulations for Reporting and Disclosure under ERISA. 


e Astatement that such information is the responsibility of management and was derived 
from and relates directly to the underlying accounting and other records used to 
prepare the financial statements. 


e Astatement that because of the significance of the matter described, it is inappropriate, 
and the auditor does not express an opinion on the supplemental schedules. 


3.4.2 Scope Limitations That Do Not Preclude Engagement Acceptance 


If a management-imposed scope limitation will result in a qualified opinion, or if the scope 
limitation is imposed by circumstances beyond management's control, the auditor may still 
accept the engagement. 


4 Agreement on Audit Engagement Terms 


The auditor should agree to the terms of the engagement with management or those charged 
with governance, as appropriate. This agreement should be documented in an engagement 
letter or other suitable form of written agreement. If the auditor believes an agreement with the 
client has not been established, he or she should decline to accept or perform the engagement. 
The engagement letter should be accepted (signed and dated) by the client and included with 
the auditor's documentation. 
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4.1 Reasons for Agreement 


Awritten agreement reduces the risk that either the auditor or the client may misinterpret the 
needs or expectations of the other party. For example, an agreement reduces the risk that the 
client may inappropriately rely on the auditor to: 


1. protect the entity against certain risks (e.g., defalcations); or 
2. perform certain functions that are the client's responsibility (e.g., establishing and 
maintaining effective internal control over financial reporting). 


4.2 Engagement Letter Contents 


Engagement letter contents vary for each entity. The agreement may include overall audit 
strategy, but typically would not include specific audit procedures (unless those procedures were 
requested by the client). 


4.2.1 Required Contents 

The engagement letter should include: 

= The objective and scope of the audit. 
=m The responsibilities of the auditor. 

=m The responsibilities of management. 
a 


A statement that because of the inherent limitations of an audit, together with the inherent 
limitations of internal control, an unavoidable risk exists that some material misstatements 
may not be detected, even though the audit is properly planned and performed in 
accordance with GAAS. 


Identification of the applicable financial reporting framework. 


Reference to the expected form and content of any reports to be issued by the auditor and 
a statement that circumstances may arise in which a report may differ from its expected 
form and content. 


4.2.2. Other Contents 
The engagement letter may also refer to the following: 


= Elaboration of the scope of the audit, including reference to applicable legislation, 
regulations, GAAS, or ethical requirements. 


=m The form of any other communication about the results of the audit engagement. 

=m Arrangements regarding planning and audit performance, including the composition of the 
audit team. 

=m The communication of key audit matters. 

m The expectation that management will provide written representations. 

m The agreement of management to make all information that is relevant to the financial 
statements and disclosures available to the auditor in a timely manner. 

m The agreement of management to inform the auditor about subsequent events. 

=m Fees and billing arrangements. 
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=m Arrangements concerning the involvement of other auditors, specialists, internal auditors, 
or other staff of the entity. 


Arrangements to be made with the predecessor auditor. 
Any restriction on the auditor's liability (when not prohibited). 


Any obligations of the auditor to provide audit documentation to other parties. 


Additional services to be provided or references to further agreements between the auditor 
and the entity. 


= Arequest for management to acknowledge the receipt of the engagement letter and to 
agree to the terms (as may be evidenced by management's signature). 


PCAOB Standards: Guidance for Issuers 


For audits of issuers, the auditor must agree to the terms of the engagement with 
the audit committee in an engagement letter. The engagement letter should be 
provided to the audit committee annually. 


5 Recurring Audits 


A recurring audit is an audit engagement for an existing audit client for whom the auditor 
performed the preceding audit. 
5.1 Revising the Terms of the Engagement 


On recurring audits, the auditor should assess whether circumstances require the terms of the 
engagement to be revised. The following factors may make it appropriate to revise the terms of 
the engagement: 


=m Any indication that management misunderstands the objective or scope of the audit 
Any revised or special engagement terms 

A change in senior management 

A significant change in ownership 

A significant change in the nature or size of the entity's business 

A change in legal or regulatory requirements 


A change in financial reporting framework 


A change in other reporting requirements 


5.2. Terms of the Engagement Not Revised 


If the auditor concludes that the terms of the engagement do not need to be revised, the auditor 
should remind management of the terms of the engagement by means of a new engagement 
letter, or a reminder that the terms of the preceding engagement will govern the current 
engagement. A reminder can be written or oral and should be documented. 
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6 Initial Audits 


An initial audit is an engagement in which the financial statements for the prior period were not 
audited or were audited by a predecessor auditor. 


6.1 Communication With the Predecessor Auditor 


A predecessor auditor is one who was engaged to audit a prior financial statement (even if the 
audit was not completed). In an initial audit, including a reaudit engagement, it is mandatory to 
make inquiries of the predecessor auditor. Client permission is needed, however. If the client 
is unwilling to agree to this procedure, the auditor should consider the implications and decide 
whether to accept the engagement. 


The auditor should make oral or written inquiries of the predecessor auditor before accepting 
an engagement. Inquiries should be made regarding: 


1. identified or suspected fraud involving management or others; 


2. matters involving noncompliance or suspected noncompliance with laws and regulations, 
except those that were clearly inconsequential; 


3. information that might bear on management integrity; 


disagreements with management over accounting principles, auditing procedures, or other 
similarly significant matters; 


the predecessor's understanding as to the reasons for the change of auditors; 


communication to management, the audit committee, and those charged with governance 
regarding matters relating to internal control; and 


7. the predecessor's understanding of the nature of the entity's relationships and transactions 
with related parties and significant unusual transactions. 


It is the responsibility of the predecessor auditor, when authorized by management, to respond 
in a timely, thorough, and factual basis to the successor auditor. In rare circumstances, a 
response by the predecessor auditor may be limited. Any limitations in a predecessor auditor's 
response should be disclosed to the successor auditor. When an engagement is accepted, the 
auditor should document the inquiries made to the predecessor auditor and the results. 


7 Change in Engagement 


During the course of an engagement, a client may ask the accountant to change an audit to a 
compilation or review, or a review to a compilation. 


7.1. Considerations 


Before agreeing to a change, an accountant should consider: 

1. the reason for the request, especially if there are scope limitations; 
2. the effort required to complete the engagement; and 

3. the estimated additional cost to complete the engagement. 


If the accountant decides a change in the engagement is justified, he or she must comply 
with the standards for a compilation or review, and then issue an appropriate report. The 
report should not refer to the original engagement, any procedures performed as part of the 
engagement, or any scope limitation. 
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7.2 Reasons for Change 


7.2.1 Acceptable Reasons 


An audit may be changed to a compilation or review, or a review may be changed to a 
compilation, due to a: 


= change in client requirements; or 


® misunderstanding as to the nature of the service to be rendered. 


7.2.2 Unacceptable Reasons 
The following are not acceptable reasons for a change: 
=m The engagement would uncover errors or fraud. 


=m The client is attempting to create misleading or deceptive financial statements. 


7.2.3 Scope Limitations 


The auditor must consider the implications of a scope restriction in deciding whether a change 
in engagement is reasonable. The following are generally considered unacceptable reasons 
for a change: 


=m The client refuses to allow correspondence with legal counsel. 


m= The client refuses to provide a signed representation letter. 


7.3. Compilation/Review Report Not Permitted 


An accountant is generally precluded from issuing a compilation report or a review report when: 


=m The accountant has been engaged to audit the entity's financial statements and has been 
prohibited by the client from corresponding with the entity's legal counsel. 


=m The accountant has been engaged to audit or review the entity's financial statements and 
the client does not provide the accountant with a signed representation letter. 
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Engagement Quality 


1 Applicability 


The AICPA Code of Professional Conduct requires firms providing auditing, attestation, and 
accounting and review services to adopt a system of quality control to manage engagement 
and assurance quality. A quality control system consists of policies and procedures designed, 
implemented, and maintained to ensure that the firm complies with professional standards and 
appropriate legal and regulatory requirements, and that any reports issued are appropriate in 
the circumstances. Statements on Quality Control Standards (SQCS) are issued by the Auditing 
Standards Board to provide guidance with respect to managing engagement quality. 


2 Elements of Audit and Assurance Engagement Quality 


The six interrelated elements of quality control are: 
Human resources 

Engagement/client acceptance and continuance 
Leadership responsibilities 

Performance of the engagement 


Monitoring 


So Sf weN > 


Ethical requirements 


Each of these elements of quality control are covered in more detail below. 


Dae Pass Key 


"HELP ME" maintain good quality in my accounting and auditing practice. 


2.1 Human Resources 


This element encompasses criteria for recruitment and hiring, determining capabilities 
and competencies, assigning personnel to engagements, professional development, and 
performance evaluation, compensation, and advancement. 


Personnel management policies and procedures should be established to provide the firm with 
reasonable assurance that: 


= Those hired possess the appropriate characteristics to enable them to perform competently. 


m Engagement partners possess the competencies necessary to fulfill engagement responsibilities. 
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= Work is assigned to personnel having the degree of technical training and proficiency 
required in the circumstances. 


= Personnel participate in continuing professional education and other professional 
development activities. 


= Personnel selected for advancement have the qualifications necessary to fulfill the 
responsibilities to be assumed, and performance evaluation, compensation, and 
advancement procedures provide appropriate recognition and reward. 


Examples include: 

Requiring timely identification of staffing requirements. 

Planning for the total personnel needs of all the firm's professional engagements. 
Requiring a background check on new personnel. 

Requiring supervisors to prepare performance evaluations. 

Requiring personnel to attend training. 


Consideration of continuity and periodic rotation of personnel. 


Consideration of opportunities for on-the-job training. 


2.2 Engagement/Client Acceptance and Continuance 


Policies and procedures should be established for deciding whether to accept or continue 
a client relationship and whether to perform a specific engagement. These policies and 
procedures should provide the firm with reasonable assurance that the firm: 


m= Minimizes the likelihood of association with a client whose management lacks integrity. 


e The firm should consider the reputation of the client, its owners, key management, 
related parties and those charged with governance, the nature of the client's 
operations, and the client's overall attitude toward matters such as the aggressive 
application of accounting principles and internal controls. 


=m Undertakes only those engagements that the firm can reasonably expect to complete with 
professional competence. 


e The firm must have sufficient personnel with appropriate knowledge and experience, or 
personnel who can attain appropriate competency levels. Specialists should be available 
if needed. 


e The firm must be able to perform the engagement within reporting deadlines. 
= Can comply with legal and ethical requirements. 

e Potential conflicts of interest should be identified and evaluated. 

e The firm must be able to maintain independence. 


The firm should obtain an understanding with the client regarding the nature, scope, and 
limitations of the services to be provided. The firm should document how any issues with 
respect to the acceptance and continuance decision were resolved. 


The firm should have policies and procedures for withdrawal from an engagement or from an 
engagement and the client relationship. Policies and procedures should include: 


= Documentation of significant issues, consultations, conclusions, and the basis 
for conclusions. 
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= Discussion with the client of the appropriate action to be taken by the firm based on the 
facts and circumstances. The discussion should include the appropriate level of the client's 
management and those charged with governance. 


= Consideration of any professional, legal, or regulatory requirement for the firm to remain 
in place, or for the firm to report the withdrawal and the reasons for the withdrawal to 
regulatory authorities. 


Examples include: 

m Reviewing the financial statements and credit rating of the proposed client. 

= Inquiring of third parties as to the reputation of the proposed client. 

= Evaluating the firm's ability to service the client properly. 

=m Periodically reevaluating clients for continuance, including consideration of significant issues 
that arise during the current or prior engagements. 


2.3. Leadership Responsibilities for Quality Within the Firm 


The firm's leadership bears ultimate responsibility for the firm's quality control system, and 
should create a culture that emphasizes quality. The "tone at the top" influences attitudes 
throughout the firm. 


= Quality should be emphasized over commercial considerations. 


= Performance evaluation, compensation, and advancement should demonstrate a 
commitment to quality. 


= Sufficient resources should be devoted to developing, communicating, and supporting the 
quality control system. 


= Those with operational responsibility for the quality control system should have appropriate 
experience, ability, and authority. 


2.4 Performance 
Policies and procedures should be established to: 


= Achieve a consistently high level of performance. This may be accomplished by using written 
or electronic manuals, software tools, standardized documentation, and/or guidance 
materials for specific industries or specific types of subject matter. 


= Ensure that the engagement is appropriately supervised, and that work is 
appropriately reviewed. 


= Maintain confidentiality, safe custody, integrity, accessibility, retrievability, and retention of 
engagement documentation. Requirements imposed by specific laws or regulations should 
be addressed. 


= Allow consultation with experts inside or outside the firm with respect to complex, 
unfamiliar, unusual, difficult, or contentious issues. 


m Provide a means to resolve differences of opinion. 


= Establish and follow guidelines with respect to determining when an engagement quality 
control review should be performed. 


e Care should be taken to appoint an appropriate (i.e., independent, technically 
competent) quality control reviewer. 


e The engagement partner remains responsible for the engagement, despite the 
involvement of an engagement quality control reviewer. 
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e Engagement quality control review procedures should include an objective evaluation of 
judgments, conclusions, reports, and documentation. 


e The engagement quality control review should be appropriately documented. 
e The review should be completed before the engagement report is released. 
Examples include: 
= Designating individuals with expertise in matters related to the SEC. 
Referring questions to the appropriate group in the AICPA or state society. 
Developing and using standard audit forms, checklists, and questionnaires. 


Establishing procedures for reviewing engagement documentation and reports. 


Using passwords or other means of restricting access to engagement documentation. 


2.5 Monitoring 


Policies and procedures should be established to provide the firm with reasonable assurance that 
its quality control system is relevant, adequate, operating effectively, and complied with in practice. 


= Monitoring involves an ongoing consideration and evaluation of the design and 
effectiveness of the quality control system. 


= Monitoring helps the company determine whether: 
e The firm has complied with professional standards and legal/regulatory requirements. 
e The quality control system has been designed appropriately and implemented effectively. 


e The quality control system has operated effectively in ensuring that reports issued 
are appropriate. 


= Monitoring should be performed by qualified individuals. 


= Apartner (or someone with appropriate experience and authority) should bear 
responsibility for the monitoring process. 


2.5.1 Monitoring Procedures 


Monitoring procedures include the performance of engagement quality control reviews, post- 
issuance reviews of engagement documentation, and inspections (internal or external) of a 
selection of completed engagements. Specific monitoring procedures include: 


= Review of administrative records, working papers, reports, and financial statements. 
Discussions with firm personnel, including communication with management. 
Summarization of findings, and determination of corrective actions to take. 


Assessment of the firm's guidance materials, and compliance with firm guidelines. 


Peer review (covered in more detail below) conducted under AICPA standards, which may 
substitute for some of a firm's inspection procedures. 


= A"wrap-up" or second partner "preissuance" review of the audit documentation by a partner 
not otherwise involved in the audit. The Sarbanes-Oxley Act requires such review for every 
public company audit report. The purpose of this review is to focus on the fair presentation 
of the financial statements in conformity with generally accepted accounting principles. 


Monitoring procedures should be documented, including evaluation of deficiencies noted and 
corrective actions taken. The firm should take appropriate further action to address deficiencies, 
complaints, and allegations of noncompliance. 
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2.5.2 Peer Review 


The purpose of peer review is to determine and report whether the CPA firm being reviewed has 
developed adequate policies and procedures for the elements of quality control and is following 
them in practice. 


m™ Peer review occurs when one CPA firm reviews another CPA firm's compliance with its 
quality control system. 


= ACPA firm that is a member of the AICPA must have a peer review every three years in 
order to maintain membership in the AICPA. 


= The firm being reviewed can select the review firm or may ask the AICPA or state society of 
CPAs to select a review team. 


= Upon completion of the peer review, a report is issued with conclusions and 
recommendations. A firm that fails to take corrective actions (where necessary to correct 
deficiencies) is subject to sanctions. 


2.6 Ethical Requirements 


Policies and procedures should be established to provide the firm with reasonable assurance 
that personnel maintain independence (in fact and in appearance) in all required circumstances, 
perform all professional responsibilities with integrity, and maintain objectivity in discharging 
professional responsibilities. 


m= Independence encompasses impartiality and freedom from any obligation to or interest in 
the client. 


= Independence requirements should be communicated to firm personnel. 


= Threats to independence should be identified and evaluated, and appropriate action should 
be taken. 


= Atleast annually, all firm personnel subject to independence requirements should confirm 
their independence in writing (paper or electronic form). 


= The firm's quality control system should address requirements for rotation of personnel. 
Examples include: 


= Maintaining records showing which personnel were previously employed by clients or have 
relatives holding key positions with clients. 


= Notifying personnel as to the names of audit clients publicly held. 
= Confirming with staff that prohibited relationships do not exist. 


= Emphasizing independence of mental attitude in training and supervision. 
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3 Other Considerations 


3.1 Nature and Extent of Quality Control 

The nature and extent of a firm's quality control policies and procedures depend on: 
the firm's size; 

its organizational structure; 


the nature and complexity of its practice; 


PWN = 


the degree of operating autonomy allowed its personnel and its individual offices; and 
5. cost-benefit considerations. 


3.2 Communication 


Quality control policies and procedures should be communicated to firm personnel. 
Communication should include procedures and objectives, and should emphasize personal 
responsibility and the importance of feedback. Written communication is not required, but it can 
be helpful. 


3.3. Documentation 


The firm should document its quality control policies and procedures. The extent of 
documentation may vary based on the size, structure, and nature of the firm. Documentation 
should be retained for a sufficient period of time. 


3.4 Relationship Between Auditing and Quality Control Standards 


3.4.1 GAAS vs. Quality Control Standards 


Generally accepted auditing standards and quality control standards are not synonymous. GAAS 
relate to the conduct of each individual audit engagement, whereas quality control standards 
relate to the conduct of all professional activities of the firm's practice as a whole. 


The quality control standards of a firm affect both the performance of each audit and the 
performance of the audit practice as a whole. 


3.4.2 Quality Control Deficiencies 


Although an effective system of quality control is conducive to complying with GAAS (or other 
professional standards), deficiencies in a firm's quality control standards do not necessarily 
indicate a lack of compliance with GAAS (or other professional standards) for any one specific 
engagement. 


Deficiencies in quality control for an individual engagement do not necessarily imply that the 
firm's quality control system overall is insufficient. 
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4 Reviewing the Work of Others 


All work performed on the audit should be reviewed to determine whether the work was 
adequately performed and documented and to evaluate the results of the work relative to the 
conclusion to be presented in the audit report. The partner with final responsibility for the audit 
may delegate some of the review responsibility to other members of the audit team, consistent 
with the firm's system of quality control. Work should be reviewed by members of the audit 
team who are senior to those who performed the work. 


4.1 Review Considerations 


A review consists of consideration of whether: 


= The work has been performed in accordance with professional standards and applicable 
laws and regulations. 


= Significant findings or issues need further consideration. 
Appropriate consultations have taken place and have been documented and implemented. 


=m The nature, extent, and timing of the work performed is appropriate and does not 
need revision. 


=m The work performed supports the conclusions reached and is appropriately documented. 
=m The evidence obtained is sufficient and appropriate to support the auditor's report. 


=m The objectives of the engagement have been achieved. 


4.2 Engagement Partner Review 


The engagement partner should review the following significant findings or issues on a timely 
basis during the audit to allow resolution on or before the date of the auditor's report: 


= Critical areas of judgment, especially involving difficult to contentious matters 
= Significant risks 


m Other areas the engagement partner considers important 


4.3 Documentation Requirements 


Audit documentation should include: 
1. Who performed the work and the date the work was completed. 


2. Who reviewed the audit documentation and the date of the review. 
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5 Engagement Quality Standards for Nonissuer 
Engagements 


The auditor has specific responsibilities regarding quality control procedures when performing 
engagements for nonissuers in accordance with U.S. GAAS. Such engagements include 
nonissuer financial statement audits, reviews of the interim financial statements of nonissuers, 
and government financial audits performed in accordance with GAAS. As part of a firm's 

system of quality control, engagement teams have a responsibility to implement quality control 
procedures that are applicable to managing engagement quality. Engagement teams should also 
provide the firm with information related to the independence of the engagement team. 


5.1 Objective 


The objective of the auditor is to implement quality control procedures at the engagement level 
to provide reasonable assurance that: 


1. the audit complies with professional standards and applicable legal and 
regulatory requirements; and 


2. the auditor issues a report that is appropriate. 


5.2 Engagement Partner Responsibilities for Quality 


The engagement partner is responsible for the overall quality of the engagement, but may 
delegate responsibility for the performance of certain procedures to other members of the 
engagement team. The engagement partner may also rely on the firm's system of quality control. 


During each engagement, the engagement partner should: 


= Remain alert for evidence of noncompliance with relevant ethical requirements by members 
of the engagement team and take appropriate action when necessary. 


= Forma conclusion on compliance with independence requirements. 


= Be satisfied that appropriate procedures regarding client acceptance and continuance have 
been followed. 


= Be satisfied that the engagement team and any external specialists have the competence 
and capabilities needed to perform the engagement and issue an audit report that is 
appropriate in the circumstances. 


= Take responsibility for the direction, supervision, and performance of the engagement and 
for the report being appropriate in the circumstances. 


= Take responsibility for reviews being performed in accordance with the firm's review policies 
and procedures. 


= Be satisfied through review of the audit documentation and discussion with the 
engagement team that sufficient appropriate audit evidence has been obtained to support 
the conclusions reached and the report to be issued. 


= Take responsibility for the engagement team undertaking appropriate consultation on 
difficult or contentious matters. 
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5.3. Engagement Quality Control Review 


The engagement quality control review provides an objective evaluation of the significant 
judgments the engagement team made and the conclusions it reached in formulating the 
auditor's report. An engagement quality control review is performed only when required by the 
firm's policies and procedures. The engagement quality control review should be completed 
before the engagement partner releases the audit report. 


The engagement quality control reviewer can be a partner, other person in the firm, suitably 
qualified external person, or team of such individuals, none of whom is part of the engagement 
team. The engagement quality control reviewer must have sufficient and appropriate experience 
and authority to objectively evaluate the engagement team's judgments and conclusions. 


The engagement quality reviewer's evaluation of the engagement team's significant judgments 
and conclusions should include: 


= Discussion of significant findings with the engagement partner. 

=m Reading the financial statements and proposed auditor's report. 

=m Review of audit documentation related to significant judgments and conclusions. 
a 


Evaluation of the conclusions reached in formulating the auditor's report (including 
conclusions related to key audit matters, when applicable) and consideration of the 
appropriateness of the proposed auditor's report. 


If the engagement quality control review is completed after the date of the auditor's report and 
identifies instances in which additional evidence or procedures are required, the date of the 
auditor's report should be changed to the date when the additional evidence has been obtained 
or the additional procedures have been completed. 


6 Engagement Quality Standards for Issuer Engagements 


PCAOB standards require an engagement quality review and concurring approval of audit report 
issuance for all audits of issuers and for each engagement to review the interim financial statements 
of an issuer. Many firms also require engagement quality reviews for nonissuer audits. 


6.1 Engagement Quality Reviewer 


An engagement quality review is performed by a partner who is not otherwise associated with 
the engagement. The engagement quality reviewer must be competent, independent, objective, 
and act with integrity. 


6.2 Engagement Quality Review Process 


Under PCAOB standards, the engagement quality reviewer is required to hold discussions with 
the engagement partner and other members of the engagement team and review the audit 
documentation in order to evaluate the significant judgments made by the engagement team 
and the overall conclusion reached on the engagement. The engagement quality reviewer 
should do the following: 


= Evaluate the significant judgments related to engagement planning, including the firm's 
prior experience with the client, risks identified related to the client, and judgments 
about materiality. 


= Evaluate the engagement team's assessment of and responses to significant risks, including 
fraud risk. 


© Becker Professional Education Corporation. All rights reserved. Module 2 A2-21 


Engagement Quality AUD 2 


Evaluate significant judgments about materiality, corrected and uncorrected misstatements, 
and control deficiencies. 


Review the evaluation of the firm's independence in relation to the engagement. 


Review the engagement completion document and confirm that there are no 
unresolved matters. 


Review the financial statements, management's report on internal control, and the 
engagement report. 


Read other information to be filed with the SEC and determine whether appropriate action 
has been taken with respect to material inconsistencies or material misstatements of fact. 


Evaluate the consultations, documentation, and conclusions related to difficult or 
contentious matters. 


Evaluate communications with management, the audit committee, and regulatory bodies. 


Evaluate whether engagement documentation indicates that the engagement team 
responded appropriately to significant risks and whether such documentation supports the 
conclusions reached by the engagement team. 


Evaluate the engagement team's determination, communication, and documentation of 
critical audit matters. 


6.3. Concurring Approval of Issuance 


Under PCAOB standards, the firm cannot give the client permission to use the engagement 
report until the engagement quality reviewer provides concurring approval of issuance. The 
engagement quality reviewer may provide concurring approval of issuance only if there are no 
significant engagement deficiencies. 


A significant engagement deficiency exists when: 


The engagement team failed to obtain sufficient appropriate evidence. 
The engagement team reached an inappropriate overall conclusion. 
The engagement report is not appropriate for the circumstances. 


The firm is not independent of the client. 
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1 Overview 


Audit documentation (also referred to as "working papers" or "workpapers") is the principal 
record of audit procedures performed, evidence obtained, and conclusions reached. 


Audit documentation should provide: 


1. evidence of the basis for the auditor's report and the conclusion about the achievement of 
the overall objectives of the auditor; and 


2. evidence that the audit was conducted in accordance with generally accepted auditing 
standards and applicable legal and regulatory requirements. 


2 Audit Documentation Requirements 


2.1 Overall Requirements 


Audit documentation should: 
= Assist the engagement team in planning, conducting, and supervising the audit. 
= Show that the accounting records reconcile with the financial statements, including disclosures. 


=m Enable the engagement team to show its accountability, emphasizing that the team is 
responsible for its work. 


= Provide a record of accumulated evidence, showing the procedures performed, evidence 
examined, and conclusions reached. 


Be a record of matters of continuing significance to future audits of the same entity. 


= Enable the conduct of quality control reviews and inspections, including external inspections 
or peer reviews. 


Assist an auditor who reviews a predecessor auditor's documentation. 


= Be prepared in enough detail so that an experienced auditor who has no previous 
connection with the audit can understand: 


1. the nature, extent, and timing of the audit procedures performed; 

2. the results of the procedures performed and the evidence obtained; 

3. the significant findings or issues arising during the audit; and 

4. the conclusions reached, and significant judgments made to reach those conclusions. 
= Show who performed the work and the date the work was completed. 
= Show who reviewed the work performed and the date and extent of the review. 

Include abstracts or copies of significant contracts or agreements. 
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= Document discussions of significant findings or issues with management, those charged 
with governance, and others. 


= Document how the auditor addressed any information inconsistent with the auditor's final 
conclusion regarding a significant finding or issue. 


= Document the auditor's justification for a departure from a presumptively mandatory audit 
requirement and how alternative audit procedures achieved the intent of the requirement. 


= Document the performance and review of additional audit procedures or new conclusions 
after the date of the auditor's report. 


When possible, audit documentation should provide evidence that professional skepticism was 
maintained throughout the audit. For example, when evidence is obtained that both contradicts 
and corroborates a management assertion, the auditor should document how the evidence was 
evaluated and any professional judgments made when concluding on the impact to the audit. 


2.2 Retention and Completion 
Audit documentation should be prepared on a timely basis. 


2.2.1 Report Release Date 


The "report release date" is defined as the date on which the auditor grants the client 
permission to use the report. Often, this is the date on which the report is delivered to the client. 
The auditor should document the report release date. 


2.2.2 Document Retention 


=m SAS Rules (Nonissuers): Auditing standards require that audit documentation be retained 
for at least five years from the report release date. 


= PCAOB Rules (Issuers): The PCAOB requires auditors of public companies to keep audit 
documentation for seven years from the report release date. 


2.2.3. Documentation Completion Date 


The auditor is granted a certain window of time following the report release date in which 

to assemble the final audit documentation file. The end of this window is referred to as the 
"documentation completion date." After this date, existing documentation must not be deleted, 
and additions to the audit documentation must be documented as such. 


=m SAS Rules (Nonissuers): Auditing standards require the final audit documentation file to be 
assembled within 60 days following the report release date. 


= PCAOB Rules (Issuers): The PCAOB defines the documentation completion date as 45 days 
following the report release date, and requires preparation of an "engagement completion 
document" identifying all significant findings and issues. Also, under PCAOB standards, if 
work is performed by another auditor, the office issuing the report must obtain, review, and 
retain certain audit documentation from the other auditor. 


2.2.4 Safekeeping of Audit Documentation 


Reasonable precautions should be established for the safekeeping of audit documentation, 
as it is the proof that a professional audit was performed. The SOX Act of 2002 imposes tough 
penalties for failure to retain audit documentation or for the destruction of records. 


The auditor should establish appropriate controls for audit documentation to protect its 
integrity, prevent unauthorized changes, etc. 
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2.3. Nature and Extent of Audit Documentation 


Audit documentation may be in paper form, electronic form, or other media. Oral explanations 
alone are insufficient, but may be used for clarification of information included in the audit 
documentation. 


The specific quantity, type, and content of audit documentation are based on the auditor's 
judgment. In determining the nature and extent of documentation for a specific area, the 
auditor should consider: 


the size and complexity of the entity; 

the nature of the specific auditing procedure; 

the risk of material misstatement; 

the significance of the evidence obtained; 

the nature and extent of any exceptions identified; 


the need to document conclusions that may not be obvious; 


NOU PWD BS 


the audit methodology and tools used; and 


8. the extent to which judgment was required in performing the work and evaluating the results. 


2.4 Specific Contents 


The form and content of audit documentation can vary, but they should be designed to meet 
the circumstances of the particular engagement. Generally, audit documentation will consist of a 
permanent or continuous audit file and a current file. 


2.4.1. Permanent (Continuous) File 


The permanent file includes audit documentation that has a continuing interest from year to 
year (such as contracts, pension plans, leases, stock options, bylaws, articles of incorporation, 
minutes of meetings, bond indentures, and internal information). 


2.4.2 Current File 


The current file contains all audit documentation applicable to the year under audit, and 
generally includes the following audit documentation: 


=m The audit plan (audit program). 

=m Financial statements and the auditor's report. 

= Working trial balance, adjusting journal entries, and reclassification entries. 
a 


Letters of confirmation and representation (e.g., letters from attorneys, a management 
representation letter, and confirmation responses). 


m Analyses, worksheets, issues memoranda, and schedules or commentaries prepared or 
obtained by the auditor. Note that related accounts, such as notes receivable and interest 
income, are often analyzed together. 


= Abstracts or copies of entity documents, such as contracts or agreements, examined to 
evaluate the accounting for significant transactions. 


= Summaries of significant audit findings or issues (see below), actions taken, and conclusions 
reached. 


= Records of tests of controls and substantive tests that include identification of specific 
items selected for testing (i.e., the source from which the items were selected and specific 
selection criteria). 
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2.4.3 Significant Audit Findings and Related Professional Judgments 


Audit documentation should include significant audit findings, actions taken, and conclusions 
reached. Significant audit findings include matters that: 


= Are related to the selection and application of accounting principles (and the consistency 
with which they are applied), especially those involving complex or unusual transactions, or 
estimates and uncertainties and the related management assumptions. 


Are related to matters that give rise to significant risks. 
Are related to possible material misstatements in the financial statements. 
Suggest a need to revise the auditor's previous risk assessment. 


Cause significant difficulty in applying necessary audit procedures, or indicate the need for 
significant revision of planned audit procedures. 


= May result in modification of the auditor's opinion or the inclusion of an emphasis-of-matter 
paragraph in the auditor's report. 


The auditor may consider including in the audit documentation a summary of significant findings 
or issues identified during the audit and how they were addressed. Such summary may help 
facilitate effective and efficient reviews and inspections as well as to ensure that the auditor has 
appropriately considered the significant findings or issues and conclusions reached. 


2.4.4 Other Documentation Requirements 


Specific audit documentation may also be required by other auditing standards, such as those 
related to the consideration of internal control, the consideration of fraud risk factors, etc. 


2.4.5 Tickmarks 


Auditors often use tickmarks or symbols, indicating the work that has been performed. Audit 
documentation should include explanations of any tickmarks used. 


ABC Company 
Bank Reconciliation 
December 31, Year X 


Cash balance per bank $275,000 v 
Add: deposits in transit 
27 - Dec $8,490 A 
29 - Dec 3,000 A 
30 - Dec 2,500 A 13,990 U 
Less: Outstanding checks 
#34582 $2,456 ® 
#34584 1,300 ® 
#34585 1,414 ® 5,170 UW 
Cash balance per books $283,820 UX 
v Agreed to 12/31 bank statement 
A Agreed to deposit ticket 
uv Footed 
® Agreed to voucher register 
x Agreed to cash balance in general ledger 
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Framework 


1 Overview of Internal Control 


A key component of risk assessment is obtaining an understanding of an entity's system of 
internal control. Even if an auditor does not test or rely on internal controls, the auditor must 
obtain an understanding of internal control as it is relevant to the auditor's identification and 
assessment of the risk of material misstatement. 


A control is a policy or procedure established to achieve the control objectives of management 
and those charged with governance. 


An entity's objectives may be divided into three categories: 
1. Reliability of financial reporting 
2. Effectiveness and efficiency of operations 


3. Compliance with applicable laws and regulations 


Lo Pass Key 


The reliability of the financial reporting objective is most relevant to the audit. Controls 
relating to the operations and compliance objectives may occasionally be relevant to the 
audit, for example, if they relate to nonfinancial data used in analytical procedures, or if 
they relate to noncompliance with laws or regulations that have a direct and material effect 
on the financial statements. 


2 COSO Internal Control Framework 


The Committee of Sponsoring Organizations (COSO), an independent private sector initiative, 
was initially established in the mid-1980s to study the factors that lead to fraudulent financial 
reporting. The private "sponsoring organizations" include the five major financial professional 
associations in the United States: the American Accounting Association (AAA), the American 
Institute of Certified Public Accountants (AICPA), the Financial Executives Institute (FEI), the 
Institute of Internal Auditors (IIA), and the Institute of Management Accountants (IMA). 


In 1992, COSO issued Internal Contro!l—Integrated Framework ("the framework") to assist 
organizations in developing comprehensive assessments of internal control effectiveness. 


Material from /nternal Control—Integrated Framework, © 2013 Committee of Sponsoring Organizations 


of the Treadway Commission (COSO). Used with permission. 
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In 2013, the framework received an update to deal with changes in technology, business models, 
globalization, outsourcing, and regulatory environment. One significant enhancement to the 
2013 update was the formalization of fundamental concepts that were part of the original 

1992 framework. Specifically, these fundamental concepts have evolved into 17 principles that 
have been categorized within the five major internal control components. Although there are 
other suitable frameworks that an entity may use to establish and evaluate a system of internal 
control, COSO's framework is widely regarded as an appropriate and comprehensive basis to 
document the assessment of internal controls over financial reporting. 


2.1 Purpose and Objectives of the Framework 


The framework is used by company management and its board of directors to obtain an initial 
understanding of what constitutes an effective system of internal control and to provide insight 
as to when internal controls are being properly applied within the organization. The framework 
also provides confidence to external stakeholders that an organization has a system of internal 
control in place that is conducive to achieving its objectives. Although the framework is widely 
regarded as effective, it is subject to the same inherent limitations of any framework or system 
of internal control including circumstances such as human error or management override. 
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An effective system of internal control requires more than adherence to policies and 
procedures by management, the board of directors, and the internal auditors. It requires 
the use of judgment in determining the sufficiency of controls, in applying the proper 
controls, and in assessing the effectiveness of the system of internal controls. The 
principles-based approach of the framework supports the emphasis on the importance 
of management judgment. 


2.2 The COSO Cube 


The 2013 framework continues to use a 

cube to depict the relationship between an 
entity's objectives, integrated internal control 
components, and organizational structure. 
The three categories of objectives (operations, 
reporting, and compliance) are shown as 
columns on the cube, and the five internal 
control components (control environment, risk 
assessment, control activities, information 
and communication, and monitoring activities) 
are depicted as rows. Additionally, the entity's 
organizational structure (entity level, division, 
operating unit, and function) is shown on the Mou lonng neunides 
cube as a third dimension. 


g 
, 


Information & Communication 


Internal Contro/—Integrated Framework, © 2013 
Committee of Sponsoring Organizations of the Treadway 
Commission (COSO). Used with permission. 
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2.3. Components and Principles of the COSO Framework 


The updated framework retained the original five integrated components of internal control, 
including the control environment, risk assessment, information and communication, monitoring 
activities, and (existing) control activities. These components and the 17 related fundamental 
principles listed below are needed to achieve the three objectives of internal control. 


= Control Environment 

Commitment to ethics and integrity 
Board independence and oversight 
Organizational structure 


Commitment to competence 


oe wo > 


Accountability 
= Risk Assessment 
6. Specify objectives 
7. Identify and analyze risks 
8. Consider potential for fraud 
9. Identify and assess changes 
= Information and Communication 
10. Obtain and use information 
11. Internally communicate information 
12. Communicate with external parties 
= Monitoring Activities 
13. Ongoing and/or separate evaluations 
14. Communication of deficiencies 
=m (Existing) Control Activities 
15. Select and develop control activities 
16. Select and develop technology controls 


17. Deployment of policies and procedures 


Pass Key 


An auditor must obtain an understanding of the design and implementation of the system 
of internal control during the planning stage of the audit. In order for the auditor to 
understand the design and implementation of controls, the auditor should understand the 
components of the system of internal control. 


© Becker Professional Education Corporation. All rights reserved. Module 4 A2-29 


COSO Internal Control Framework AUD 2 


Control Environment 


Monitoring Existing 
Control 
Activities 


Pass Key 


Remember that it would be a CRIME if you forgot the five components of internal control: 


C - Control Environment 


Risk Assessment 


Information and Communication 


R 
| 
M - Monitoring 

E 


(Existing) Control Activities 


3 Components of Internal Control 


3.1. Control Environment 
The control environment: 
= Sets the tone of an organization, influencing the control consciousness of its employees. 


= Provides discipline and structure as the foundation for all other components of the system 
of internal control. 


= Originates with, and is generated by, management and those charged with governance. 
Controls related to the control environment are primarily indirect controls. 
3.1.1. Auditor's Understanding of the Control Environment 


When performing risk assessment procedures, the auditor should obtain an understanding 
of the control environment relevant to the preparation of the financial statements by 
understanding the controls, processes, and structures that address: 


= management's establishment and oversight of the entity's culture and commitment to 
integrity and ethical values; 


= how those charged with governance, when separate from management, oversee the entity's 
system of internal control; 
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=m the entity's assignment of authority and responsibility; 
= how the entity attracts, develops, and retains competent individuals; and 


= how the entity holds individuals accountable for their responsibilities related to the 
objectives of the system of internal controls. 


Based on the understanding obtained, the auditor should evaluate whether: 


= management, with the oversight of those charged with governance, has created and 
maintained a culture of honesty and ethical behavior; 


= the control environment provides an appropriate foundation for the other components of 
the system of internal control; and 


= control deficiencies identified in the control environment undermine the other components 
of the system of internal control. 


The auditor should consider the impact of the entity's use of IT when evaluating the control 
environment to ensure that the governance and organizational structure in place related to IT is 
consistent with the nature and complexity of the entity's use of IT. 


3.1.2 Those Charged With Governance 


The auditor should understand the attitudes, awareness, and actions of those charged with 
governance, with respect to the system of internal control. The responsibilities of those charged 
with governance include: 


= Evaluating the actions of management, understanding the entity's business transactions, 
and overseeing the financial reporting and disclosure process. 


= Balancing the conflicting pressures that may be placed on management (i-e., fair financial 
reporting versus positive operating results). 


=m Overseeing "whistleblower" procedures. 
= Overseeing the process for reviewing the effectiveness of the design, implementation, and 
operation of the entity's system of internal control. 


3.2. Risk Assessment 


Risk assessment is an entity's identification and analysis of risks to the achievement of its 
objectives. (Note that this component concerns the assessment by management of risk facing 
the entity, not the auditor's assessment of control risk.) 


The entity's risk assessment for financial reporting purposes involves the identification, analysis, 
and management of business risks relevant to the preparation of fairly presented GAAP 
financial statements. Relevant accounting risks include, for example, the occurrence of external 
and internal events and circumstances that may adversely affect the entity's ability to initiate, 
authorize, record, process, and report financial data. The risk assessment processes used by 
management and process owners should also consider the IT organization. 


Circumstances from which risks may arise include: 

=m Change in the regulatory or operating environment 
New personnel 

New or revamped information systems 


Environment, social and governance issues (ESG) 


Rapid expansion of operations 
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Use of IT and the incorporation of new technology 
New business models, products, or activities 
Corporate restructuring 


Expansion or acquisition of foreign operations 


Adoption of new or different accounting principles or pronouncements 


Management may take action to address risk, or may decide to accept a risk based on cost 

or other considerations. The auditor should consider whether business risks identified by 
management may result in material misstatement. If management fails to identify a risk of 
material misstatement identified by the auditor, the auditor should consider why the entity's risk 
assessment process failed and consider the implications for the auditor's overall evaluation of 
the risk assessment process. 


3.2.1 Auditor's Understanding of the Risk Assessment Process 


The auditor should obtain an understanding of the entity's risk assessment process relevant 
to the preparation of the financial statements. This includes understanding how the entity 
identifies business risks, including the potential for fraud, how the entity assesses the 
significance and likelihood of the risks, and how the risks are managed or addressed. The use 
of IT may also create additional risks. The auditor must also evaluate the entity's use of IT to 
determine whether and to what extent the following risks exist: 


= Potential reliance on inaccurate systems. 

Unauthorized access to data, which may result in loss of data and/or data inaccuracies. 
Unauthorized changes to data, systems, or programs. 

Failure to make required changes or updates to systems or programs. 


Inappropriate manual intervention. 


Potential loss of data. 
The auditor should use the information obtained to evaluate whether the entity's risk 
assessment process is appropriate given the nature and complexity of the entity. 


3.3. Information and Communication Systems 


Information and communication systems support the identification, capture, and exchange of 
information in a timely and useful manner. 


3.3.1 Information Systems 


The information system relevant to financial reporting consists of activities and policies, and 
accounting and supporting records, designed and established to do the following: 


m Initiate, record, and process entity transactions and to resolve the incorrect processing of 
transactions. 


=m Process and account for system overrides or bypasses to controls. 
= Incorporate information from transaction processing in the general ledger. 


= Capture and process information relevant to the preparation of the financial statements for 
events and conditions other than transactions, such as depreciation and amortization of 
assets or changes to asset recoverability. 


= Ensure information required to be disclosed is accumulated, recorded, processed, 
summarized, and appropriately reported in the financial statements. 
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3.3.2 Communication Systems 


Communication involves providing an understanding of individual roles and responsibilities 
pertaining to an entity's system of internal control. Communication may be written (policy and 
procedure manuals, financial reporting manuals, and memoranda), oral, or by example (through 
the actions of management). The auditor should obtain an understanding of: 


=m The methods used to communicate between people within an entity regarding roles, 
responsibilities, and significant matters related to financial reporting. 


= Communications between management and those charged with governance (particularly 
the audit committee), and between management and external parties, such as 
regulatory authorities. 


3.3.3. Auditor's Understanding of the Information System 
and Communication Systems 


Through performing risk assessment procedures, the auditor should obtain an understanding of 
the entity's information system and communication relevant to the preparation of the financial 
statements. For significant classes of transactions, account balances, and disclosures, the 
auditor should understand the activities, data, and policies related to: 


= How information flows through the entity's information system, including how transactions 
and other information are initiated, recorded, processed, corrected (as necessary), included 
in the general ledger, and reported in the financial statements. 


=m The accounting records, specific accounts in the financial statements, and other supporting 
records relating to the flows of information in the information system. 


= The financial reporting process used to prepare the entity's financial statements, 
including disclosures. 


= The entity's resources, including the IT environment, relevant to the processing of 
information. 
3.4 Monitoring 


Monitoring is the process that an entity uses to assess the quality of control performance over 
time, by assessing the design and performance of controls on a timely basis and taking the 
necessary corrective actions. 


Establishing and maintaining a system of internal control is a responsibility of management. 
Management must monitor controls to determine whether they are operating as intended and 
whether they have been modified appropriately for changes in conditions. 


3.4.1 Auditor's Understanding of the Monitoring Process 


The auditor should obtain an understanding of the following related to an entity's process for 
monitoring the system of internal controls relevant to financial reporting: 


= Ongoing and separate evaluations for monitoring the effectiveness of controls and the 
identification, remediation, and communication of control deficiencies. 


=m The entity's internal audit function, including the nature, responsibilities, and activities. 


= The sources of information used in the monitoring process and the basis upon which 
management considers the information to be sufficiently reliable. Information may come 
from external sources, such as customer complaints or regulator comments. 


The auditor's evaluation should include consideration of the monitoring process based on the 
nature and complexity of the entity. 
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3.5 Existing Control Activities 


Existing control activities are controls that are designed to ensure the proper application of 
policies and procedures that help ensure that management directives are carried out and that 
necessary steps to address risks are taken. Control activities primarily include direct controls, 
but may also include indirect controls. 


Vex Pass Key 


The mnemonic "PAID TIPS" will help you remember the control activities in a strong system 
of internal control. 


Control activities relevant to an audit include the following procedures. 
= Prenumbering of Documents 

Prenumbering helps to assure that: 

e All transactions are recorded (completeness). 

e No transactions are recorded more than once (existence). 
= Authorization and Approval of Transactions 


Authorization affirms a transaction is valid and should occur before commitment of 
resources. 


= Independent Checks to Maintain Asset Accountability 


Independent checks involve the verification of work previously performed by others or the 
reconciliation of two or more data elements. Examples include: 


e — Review of bank reconciliations. 

e Comparison of subsidiary records to control accounts. 

e Comparison of physical counts of inventory to perpetual records. 
= Documentation 


Documentation provides evidence of the underlying transactions and is a basis for 
establishing responsibility for the execution and recording of transactions. 


= Timely and Appropriate Financial Performance Reviews 
e Comparison of actual performance to budgets, forecasts, and prior periods. 


e Comparison of financial and nonfinancial information (for example, the management of a 
sports team might use attendance data to ascertain the reasonableness of ticket sales). 


e Review and evaluation of functions or activities (for example, sales reports and 
receivable reports may be used to analyze performance and to identify errors). 


= Information Processing Controls 


Information processing controls help to protect the integrity of information in the entity's 
information system by ensuring that transactions are valid, properly authorized, and 
completely and accurately recorded. 


e These controls may be automated (that is embedded in IT applications). 


e Manual information processing controls may include controls over the input or output 
of information into and out of the information system. 
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= Physical or Logical Controls for Safeguarding Assets and Information 


Physical and logical controls for safeguarding assets involve security devices and limited 
access to programs and restricted areas, including computer facilities and IT infrastructure. 
Examples include: 


e Physical segregation and security of assets, protective devices, and bonded or 
independent custodians (e.g., banks, safe deposit boxes, lock boxes, locked doors 
requiring access cards or keys, and independent warehouses). 


e Logical access controls such as passwords, multi-factor authentication, or biometrics 
to ensure that the proper individuals are accessing information for which they are 
authorized. 


e Access control lists to ensure users have the correct permissions to create/write, 
read, and remove information or data and to update the permissions of other users 
when necessary. 


e Periodic counting and comparison of actual assets with amounts shown in accounting 
records (e.g., physical counts and inspections of assets, reconciliations, and user review 
of computer-generated reports). 


=m Segregation of Duties 


Segregation of duties involves ensuring that individuals do not perform incompatible duties. 
Duties should be segregated such that the work of one individual provides a cross-check 

on the work of another individual. Generally, assigning different people the responsibilities 
of authorizing transactions, recording transactions, and maintaining custody of the related 
assets reduces the opportunities for any individual to both perpetrate and conceal errors or 
fraud in the normal course of duties. 


Segregation of duties is particularly important with respect to an entity's IT environment. 
As many of the functions within an IT environment are performed by the application, 
responsibilities related to granting and restricting access to production programs, data, and 
execution activities should be performed by different individuals or groups. 
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The examiners frequently test segregation of duties. To help you remember the functions 
that should not be combined: "Segregation of duties" is your ARC to protect against a flood 
of troubles: 


e Authorization 
e Record keeping 


e Custody of related assets 
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3.5.1 Auditor's Understanding of Control Activities 


The auditor often obtains knowledge about control activities while studying the other 
components of the system of internal control, and uses judgment to determine whether 
additional knowledge must be obtained. 


An audit does not require an understanding of all control activities. The auditor's primary 
consideration should be whether, and how, a control prevents, or detects and corrects, 
material misstatements. 


Summary of the Five Components of Internal Control 


Component Description Key Points 


Control Environment | Sets the tone of the organization. e Integrity 
© Competence 


© Participation of those charged with 
governance 


© Management philosophy 
© Organizational structure 
e Assignment of responsibility 


© Human resource policies 


Risk Assessment Identification by management of the © Risks are generally related to 

risks relevant to the preparation of the changes. 

financial statements. 
Information and Methods used to classify and report © Initiating, authorizing, recording, 
Communications transactions, and to communicate roles processing, and reporting entity 
Systems and responsibilities. transactions, conditions, and events 


© Communicating roles and 
responsibilities 


Monitoring Procedures established to assess the © Internal audit function 
lity of control performance over 
ene Gantherpeiumnalite e Regular management and 
: supervisory activities 
© Other procedures such as mailing 
customer statements 
Existing Control Policies and procedures established to | ® Authorization 
Activities ensure that management objectives are a ccaaressnonmedinide 
carried out. Bree 


© Safeguarding of assets 


© Asset accountability 
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1 Overview of Planning 


During planning, the auditor is required to: 

= Obtain knowledge of the client's business and industry. 
= Develop the audit strategy. 

= Develop the audit plan. 
= 


Perform risk assessment procedures to obtain an understanding of the entity and its 
environment, including its system of internal control and the applicable financial reporting 
framework, sufficient to assess the risks of material misstatement and design further 
audit procedures. 


The nature and extent of necessary planning activities depend on the size and complexity of the 
company, the auditor's previous experience with the company, and changes in circumstances 
that occur during the audit. Factors that indicate less complex operations include fewer business 
lines, less complex business processes and financial reporting systems, more centralized 
accounting functions, extensive involvement of senior management in day-to-day operations, 
and few levels of management. 


va Pass Key 


The auditor plans the audit to be responsive to the initial assessment of the risk of material 
misstatement, but should be prepared to revise the audit strategy and the audit plan based 
on the results of audit procedures. 


1.1. Involvement of Key Engagement Team Members 


The engagement partner and other key members of the engagement team should be involved 
in planning the audit. The engagement partner is the member of the engagement team with 
primary responsibility for the audit. The engagement partner is responsible for: 


= Planning the audit 
=m Supervising the work of engagement team members 
= Compliance with relevant auditing standards 


The engagement partner may seek assistance from appropriate engagement team members in 
fulfilling these responsibilities. 
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1.2 Supervision of Assistants 


GAAS requires proper supervision of assistants during the course of the audit to ensure that the 
work performed is adequate to accomplish the objectives of the examination and is consistent 
with conclusions presented in the report. Guidance should be provided to assistants regarding 
both technical and personnel aspects of the audit. 


1.2.1 Proper Supervision 
When assistants are used, proper supervision includes: 
= Directing the efforts of assistants. 


= Communicating with the audit team regarding the susceptibility of the financial statements 
to material misstatement due to error or fraud. 


= Informing assistants of their responsibilities; the objectives of the procedures they are to 
perform; the nature, timing, and extent of procedures they are to perform; and any matters 
that may affect their performance of those procedures. 


=m Staying informed (e.g., by directing staff to report back) regarding significant accounting and 
auditing issues, new developments, and difficulties encountered in performing the audit, 
and evaluating whether appropriate action has been taken in accordance with applicable 
standards (SAS or PCAOB). 


= Reviewing the work performed by assistants to determine whether it was adequately 
performed and documented, whether the objectives of the audit were accomplished, and 
whether the work performed is consistent with the conclusions to be presented in the 
auditor's report. 


= Dealing with differences of opinion among members of the audit team. 


1.2.2 Nature, Extent, and Timing of Supervision 

The nature, extent, and timing of the supervision depend on: 
m= the size and complexity of the entity. 

m the nature of the work assigned. 

m the assessed risks of material misstatement. 

w 


the qualifications of the assistants. 


1.2.3 Disagreements Among Auditors 


A disagreement among members of the audit team regarding certain accounting and auditing 
issues may exist at the end of the audit. If the differences still exist after consulting with the 
auditor who has final responsibility for the audit (generally a partner), dissenting staff members 
should be allowed to disassociate themselves from the resolution by documenting their 
disagreement. In this event, the basis for the final resolution should also be documented. 
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2 Knowledge of the Client's Business and Industry 


The auditor is not required to have prior experience with a client's business or industry before 
accepting the engagement. However, once the engagement has been accepted, the auditor must 
obtain an understanding of the client's industry and business. 


2.1 Knowledge of the Client's Industry 


Obtaining knowledge about the client's industry helps to highlight practices unique to that 
industry that may have an effect on the client's financial statements. The most common sources 
of industry information are: 


m AICPA accounting and audit guides; 

= trade publications and professional trade associations; 
™ government publications; and 
ia 


AICPA Accounting Trends and Techniques (an annual survey of accounting practices). 


2.2 Knowledge of the Client's Business 


The auditor should obtain knowledge relating to the client's business before commencing 
the audit. Understanding the client's business provides information regarding events and 
transactions that may affect the client's financial statements. The auditor may: 


= Tour Client Facilities 


A tour of the client's facilities gives the auditor an excellent opportunity to meet the client's 
personnel and observe the general operation of the company. A well-organized tour can 
often save the auditor much time and effort during the course of the audit. As a practical 
matter, this step is most important for new client relationships. 


= Review the Financial History of the Client 


The auditor should review written documents relating to the current and past financial 
history of the client. These may include: 


e previous audit reports; 

e annual and permanent audit files; 

e — prior year and interim financial statements; 

e minutes of stockholders' and board of directors' meetings; 
e communications with third parties; 

e SEC filings; 

e Dun and Bradstreet reports; and 


e tax returns. 
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= Obtain an Understanding of Client Accounting 


The auditor should obtain an understanding of client accounting methodology because it 
affects the design of controls, which in turn affects planned audit procedures. Specifically, 
the auditor should obtain an understanding of: 


e Methods used to gather and process accounting information, including the extent to 
which computer processing is used and the use of any outside service organization. 
Such methods influence the client's design of controls and the auditor's consideration 
thereof. Review of the client's policies and procedures manual often provides 
information about client accounting. 


e Events and transactions that may affect the financial statements or are considered 
significant risks. 


e Other factors affecting audit risk, such as related party transactions. 
e Applicable accounting and auditing pronouncements. 
= Inquire of Client Personnel 


The auditor should inquire about current business developments affecting the entity. 


3 Developing the Audit Strategy 


3.1 Overall Audit Strategy 


The audit strategy outlines the scope of the audit engagement, the reporting objectives, 
timing of the audit, required communications, and the factors that determine the focus 
of the audit. The audit strategy also includes a preliminary assessment of materiality and 
tolerable misstatement. 


Developing the audit strategy early in the audit process helps the auditor determine the 
resources needed to complete the audit, including: 


= The involvement of other auditors, specialists, and the client's internal auditors. 


=m The assignment of staff to specific audit areas, including the assignment of more 
experienced staff to higher risk areas. 


=m The timing of testing (interim versus year-end) and audit team meetings. 
=m The budget hours to assign to specific audit areas. 


=m The extent, location, and timing of reviews of audit work. 


3.2. Factors That Determine the Focus of the Audit 


The factors that determine the focus of the audit team's efforts include: 

= Preliminary evaluations of materiality, audit risk, and controls. 

Material locations and account balances. 

Areas in which there is a higher risk of material misstatement, including disclosures. 


Significant accounting changes. 


Significant business and industry developments, including any legal or regulatory matters of 
which the company is aware. 


m Management's commitment to the design and operation of controls. 
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3.3. Scope of the Audit 


The characteristics that define the scope of the audit include: 


=m Characteristics of the engagement, including the basis of reporting, reporting currency, and 
locations of the entity. 


Industry-specific, regulatory, and statutory reporting requirements. 

The size and complexity of the entity to be audited, including parent-subsidiary relationships. 
The effect of information technology on the audit. 

Knowledge gained from prior experience with the entity. 


The use of service organizations by the entity. 


The extent of recent changes in the company, its operations, or internal control over 
financial reporting. 


m= The type and extent of evidence related to the effectiveness of internal control over 
financial reporting. 


3.4 Reporting Objectives, Audit Timing, and Required Communications 


The following matters should be considered when determining the audit reporting objectives, 
timing, and required communications: 


= Deadlines for interim and final reporting. 

=m Key dates for meetings with management and those charged with governance. 
m The expected type and timing of reports and other communications. 
w 


The nature and timing of audit team communications, including audit team meetings and 
reviews of audit work. 


m Expected or required communications with third parties. 
3.5 Other Considerations 


3.5.1 Small or Less Complex Entities 


For asmall entity, establishment of an audit strategy may be a simple and less formal process, 
such as preparing a brief memorandum at the end of one audit and updating it at the beginning 
of the next. 


3.5.2 Communication With Those Charged With Governance 


The auditor is required to communicate the planned scope and timing of the audit with those 
charged with governance. 
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4 Developing the Audit Plan 


The audit plan is based on the audit strategy and outlines the nature, extent, and timing of the 
procedures to be performed during the audit at the relevant assertion level for specific processes, 
accounts, or transactions. While creation of an audit plan typically follows development of the 
audit strategy, the two are closely interrelated and may overlap to some extent. 


An audit plan may be prepared by leveraging the prior year audit plan or by using a template. In 
either situation, the following items are included in the audit plan. 


Vx Pass Key 


Awritten audit plan (i.e., documentation of specific audit procedures) is required. 


4.1 Audit Procedures 


Audit procedures are performed to obtain evidence on which to base the audit opinion. 
Audit procedures may be categorized as either risk assessment procedures or further 
audit procedures. 


4.1.1 Risk Assessment Procedures 


Risk assessment procedures are used to obtain an understanding of the entity and its 
environment, including its system of internal control and the applicable financial reporting 
framework in order to assess the risks of material misstatement and determine the nature, 
extent, and timing of further audit procedures. Due to the wide range of detailed information 
that may be included in disclosures, it is important that risk assessment procedures include 
considerations related to disclosures early in the audit. 


It is important that the auditor evaluate whether the evidence obtained from the risk 
assessment procedures provides an appropriate basis for the identification and assessment of 
the risks of material misstatement and that all evidence, both corroborative and contradictory, 
is considered. Risk assessment procedures alone do not provide audit evidence sufficient to 
support an audit opinion. 


4.1.2 Risk Assessment Procedures for ERISA Plan Financial Statements Audit 


As part of obtaining an understanding of the entity sufficient to perform risk assessment 
procedures for an ERISA Plan Financial Statements Audit, the auditor should obtain and read the 
most current plan instrument for the audit period, including effective amendments. 


When designing and performing audit procedures for an ERISA Plan financial statement audit, 
the auditor should consider relevant plan provisions that affect the risk of material misstatement 
at the relevant assertion level for: 


= classes of transactions; 
= account balances; and 
= disclosures. 


If the auditor has determined that it is not necessary to test any relevant plan provisions, the 
auditor should document the considerations in reaching such conclusion. 
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Plan Tax Status 


When plans are granted tax-exempt status for the contributions and earnings on plan 
investments, such plans are required to be designed and operated in accordance with 
IRC requirements. 


e Management is responsible for conducting certain nondiscrimination and other 
compliance tests, which are required to be performed at least annually, unless 
otherwise provided by the IRC. 


e Audit should consider whether the plan has performed and passed, corrected, or 
intends to correct failures of relevant IRC compliance tests (may include inquiry 
and inspection). 


Prohibited Transactions 


The auditor should evaluate whether prohibited transactions identified by management 
or as part of the audit have been appropriately reported in the applicable ERISA-required 
supplemental schedules. 


e If the plan has entered into a prohibited transaction with a party in interest, and the 
prohibited transaction has not been properly reported in the applicable ERISA-required 
supplemental schedule, the auditor should discuss the matter with management. 


e If the ERISA-required supplemental schedule is not revised, the auditor should: 


— Discuss the matter with those charged with governance (unless all those charged with 
governance are involved in managing the plan). 


— Modify the auditor's opinion on the ERISA-required supplemental schedule when the 
effect of the transaction is material based on the financial statements as a whole. 


—Include additional discussion in the other-matter paragraph in the auditor's 
report on the ERISA-required supplemental schedules describing the prohibited 
transaction when the effect of the prohibited transaction is not material to the 
financial statements. 


e Ifa material prohibited party-in-interest transaction that is not disclosed in the ERISA- 
required supplemental schedule is also considered a related party transaction and that 
transaction is not properly disclosed in the notes to the ERISA plan financial statements: 


Modify the auditor's opinion on the financial statements due to a departure from the 
applicable financial reporting framework. 


4.1.3. Further Audit Procedures 


Further audit procedures include tests of the operating effectiveness of controls and substantive 
procedures. 


Tests of Controls 


Tests of controls are used to evaluate the operating effectiveness of controls in preventing 
or detecting material misstatements. 


Tests of controls are necessary when: 


e the auditor's risk assessment is based to some extent on the operating effectiveness 
of controls. 


e substantive procedures alone are deemed to be insufficient. 
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= Substantive Procedures 


Substantive procedures are used to detect material misstatements. They include tests of 
details (as applied to transaction classes, account balances, and disclosures) and substantive 
analytical procedures. 


Substantive procedures are performed in response to the planned level of detection 
risk, which in turn may be based (to some extent) on the results of tests of controls. 


Because risk assessment is subjective, and because there are inherent limitations 
of controls, substantive procedures are required for each relevant assertion of each 
significant transaction class, account balance, and disclosure item, regardless of the 
assessed level of control risk. 


= Other Audit Procedures 


Other audit procedures (for example, a letter to the client's attorney) may be necessary to 
comply with GAAS. 


4.1.4 Audit Procedures for an ERISA Plan Financial Statements Audit 


For audit procedures for all audits of ERISA plan financial statements, including an ERISA Section 
103(a)(3)(C) audit, the auditor should perform the procedures necessary to become satisfied 
that received and disbursed amounts (for example, employer or employee contributions and 
benefit payments) reported by the trustee or custodian were determined in accordance with the 
plan provisions. 


When management elects to have an ERISA Section 103(a)(3)(C) audit, the auditor should: 


=m Evaluate management's assessment of whether the entity issuing the certification is a 
qualified institution under DOL rules and regulations. 


If the auditor has concerns about whether the entity preparing and certifying the 
investment information is a qualified institution, the auditor should discuss his or her 
concerns with management. 


If management does not provide sufficient information that supports its determination 
that the entity preparing and certifying the investment information is a qualified 
institution, then the auditor should discuss his or her concerns with those charged with 
governance and determine the implications for the audit. 


= The auditor should identify which investment information is certified. 


=m The auditor should perform the following procedures on the certified investment information: 
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Obtain from management and read the certification as it relates to investment 
information prepared and certified by a qualified institution. 


Compare the certified investment information with the related information 
presented and disclosed in the ERISA plan financial statements and ERISA-required 
supplemental schedules. 


Read the disclosures relating to the certified investment information to assess whether 
they are in accordance with the presentation and disclosure requirements of the 
applicable financial reporting framework. 


If the auditor becomes aware that the certified investment information in the 
financial statements and related disclosures is incomplete, inaccurate, or otherwise 
unsatisfactory, the auditor should discuss the matter with management and perform 
additional procedures to determine the appropriate course of action. 
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= The auditor should perform audit procedures on the financial statement information, 
including: 


e Disclosures, not covered by the certification; and 


e Noninvestment-related information based on the assessed risk of material 
misstatement. 


Plans may hold investments in which only a portion are covered by a certification by a qualified 
institution. In that case, the auditor should perform audit procedures on the investment 
information that has not been certified. 


4.1.5 Timing of Audit Procedures 
= Testing at an Interim Date 


During planning, the auditor generally establishes the timing of the audit work, which 

may include the gathering of audit evidence at interim dates. When audit procedures are 
performed before year-end, the auditor must assess the incremental risk involved and 
determine whether sufficient alternative procedures exist to extend the interim conclusions 
to year-end. 


= Effect of Information Technology 


The auditor should consider the methods used by the client to process accounting 
information, and whether those methods affect the availability of data. For example, when 
computer processing is used, documents may exist only briefly because they are discarded 
once information is entered into the system. In such situations, the auditor may need to 
schedule audit procedures to coincide with the availability of information. The auditor 
should also consider performing tests several times during the year. 


5 Consideration of Financial Statement Assertions 


Further audit procedures (tests of controls and substantive procedures) are performed at the 
relevant assertion level for each significant account balance, transaction class, and disclosure 
item in the financial statements. 


5.1. What Are Financial Statements? 


Financial statements are not statements of facts. They are claims and assertions, made implicitly 
or explicitly by management, about the recognition, measurement, presentation, and disclosure 
of information in the financial statements. 


5.2 Assertions 


There are six main financial statement assertions: 


1. Completeness 


All account balances, transactions, and disclosures that should have been recorded have 
been recorded and included in the financial statements. 


2. Cutoff 
Transactions have been recorded in the correct (proper) accounting period. 
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3. Valuation, Allocation, and Accuracy 


Account balances, transactions, and disclosures are recorded and described fairly and 
measured at appropriate amounts, and any resulting valuation or allocation adjustments 
are appropriately recorded. 


4. Existence and Occurrence 
Account balances exist, and transactions that have been recorded and disclosed have 
occurred and pertain to the entity. 

5. Rights and Obligations 
The entity holds or controls the rights to assets, and liabilities are the obligations of the entity. 


6. Understandability of Presentation and Classification 


Transactions have been recorded in the proper accounts and appropriately aggregated 
or disaggregated. Financial information is appropriately presented and described, and 
disclosures are clearly expressed and understandable in the context of the applicable 
financial reporting framework. 


Vee Pass Key 


The mnemonic COVERUP may be used to aid in your memorization of the financial 
statement assertions. 


5.3. Relevant Assertions 


Relevant assertions are assertions that have an identified risk of material misstatement. In 
determining whether an assertion is relevant to a particular account, transaction, or disclosure, 
the auditor should consider both the likelihood and magnitude of misstatement. A risk of 
material misstatement exists when there is both a reasonable possibility of a misstatement 
occurring and, if it were to occur, of the misstatement being material. The determination of 
whether an assertion is relevant is made before the consideration of any related controls (based 
on inherent risk). 


= Transactions, Events, and Related Disclosures 


For transactions, events, and the related disclosures, relevant assertions may include 
completeness, cutoff, accuracy, classification, presentation, and occurrence. 


= Account Balances and Related Disclosures 


For account balances and the related disclosures, relevant assertions may include 
completeness, accuracy, allocation and valuation, rights and obligations, classification, 
presentation, and existence. 


= Other Disclosures 


The assertions may also be used by the auditor in considering the different types of 
misstatements that may occur in disclosures not directly related to transactions, events, or 
account balances. 
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5.4 Use of Assertions 


Assertions are used by the auditor when considering the types of potential misstatements that 
may occur when identifying, assessing, and responding to the risks of material misstatement. 
The auditor should identify potential misstatements that may occur and then design audit 
procedures to address those risks. 


The following table provides some examples of the use of relevant assertions in developing 
audit procedures for inventory. 


Relevant Assertion Potential Misstatement Audit Procedure 
Inventories included in the The inventory balance includes Physically examine 
balance sheet physically exist amounts that don't physically exist inventory items. 
(existence assertion). (i.e., inventory is overstated). 

Inventory balance includes Inventory items on hand are excluded | Observe physical 
all inventory on hand from the inventory balance (i.e., inventory counts. 
(completeness assertion). inventory is understated). 
Inventory balance includes all Inventory items stored at outside Obtain confirmation 
inventory stored at outside locations locations are excluded from the of inventories held at 
(completeness assertion). inventory balance (i.e., inventory outside locations. 

is understated). 


Note the following: 


=m There may be more than one relevant assertion related to the same transaction class, 
account balance, or disclosure. 


=m Agiven audit procedure may provide evidence supporting more than one assertion. For 
example, when an auditor obtains confirmation of inventories held at outside locations, 
evidence is obtained about both the completeness and the existence of inventory. 


= More than one procedure may be required to fully support an assertion. For example, in 
order to be reasonably certain that inventory quantities include all inventory on hand at 
year-end, the auditor should also inspect receiving reports near year-end for recording in 
the proper period. 


© Becker Professional Education Corporation. All rights reserved. Module 5 A2-47 


Planning AUD 2 


6 Written Audit Plan 


6.1 Drafting the Audit Plan 


After sufficient planning information has been gathered, an audit plan should be drafted. A 
written audit plan is required for every audit. The audit plan is a listing of audit procedures that 
the auditor believes are necessary to accomplish the objectives of the audit. It serves as the 
work plan for the supervising auditor and assistants working on the engagement. Thus, the audit 
plan should set out procedures in reasonable detail, specifying the nature, extent, and timing 

of the work to be performed, and include a reference to the assertion under consideration (this 
reference may be implied as to the objective). 


For example: 
"Perform a specified procedure (e.g., count/vouch/trace/compare/calculate/ 
confirm/examine)... - nature 
".,,.0n [a specified number of records from a specified population] - extent 


"\.as of [some interim date or year-end, either for the entire period or from 
the date of interim fieldwork]." - timing 


As the audit progresses, the initial audit plan may need to be modified in response to changing 
conditions or the results of other procedures. Modifications are often made after assessing 

the risks of material misstatement, or based on the results of audit procedures. The audit plan 
should be designed so that the audit evidence gathered will support the auditor's conclusions. 


6.2 Group Audit Plan 


The group audit team should develop a group audit strategy and a group audit plan. The group 
audit plan should detail the extent to which the group engagement team will use the work of 
component auditors and whether the auditor's report on the group financial statements will 
make reference to the audit of a component auditor. 


7 Communicating the Planned Scope and Timing of an 
Engagement 


The auditor should communicate with those charged with governance regarding the planned 
scope and timing of the audit, including communication regarding the significant risks identified. 
The purpose of communicating this information is to provide insight to those charged with 
governance regarding the auditor's activities, as well as to improve the auditor's understanding 
of the entity. Additionally, the communication of information regarding significant risks may 
assist those charged with governance in fulfilling their responsibilities related to overseeing the 
financial reporting process. The auditor should consider the following when communicating the 
planned scope and timing: 


= The auditor may communicate how significant risks of material misstatement will be 
addressed, the planned approach toward the system of internal control, factors affecting 
materiality, and any potential use of internal audit staff or specialist. 


=m The auditor may also communicate the planned approach for addressing implications 
for the financial statements and disclosures related to any significant changes within the 
applicable financial reporting framework or the entity's business environment. 
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=m The auditor should be careful not to compromise the effectiveness of audit procedures, for 
example by making them too predictable. 


m= When the auditor has been engaged to communicate key audit matters, the auditor may 
communicate preliminary views about areas requiring significant auditor attention. 


=m The auditor also may solicit information from those charged with governance. For example, 
the auditor may inquire as to the party with whom the auditor should communicate; the 
allocation of responsibility between management and those charged with governance; the 
entity's objectives, strategies, and risks, matters to which the auditor should pay particular 
attention; and significant communications between the entity and regulators. 


= The communication also may include discussion of the attitudes, awareness, and actions 
of those charged with governance with respect to internal control, fraud, relevant changes 
(e.g., changes to financial reporting, accounting standards, laws, etc.), and matters 
previously communicated by the auditor. 


PCAOB Standards: Guidance for Issuers 


The PCAOB's audit committee communication requirements for issuers include the 
following additional information related to the planned scope and timing of the audit: 


= The nature and extent of specialized skill or knowledge needed to complete 
the engagement. 


= The extent to which the auditor will use the work of the company's internal 
auditors when performing the financial statement audit. 


= The extent to which the auditor will use the work of internal auditors, company 
personnel, and third parties when performing the internal control audit. 


= Thenames, locations, and responsibilities of other public accounting firms 
that will perform audit procedures. 


= The basis for the determination that the auditor is the principal auditor, if 
other auditors will perform significant work in the engagement. 
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MODULE 


Using the Work 
of Others 


1 ‘Client's Internal Auditors 


When planning the audit, the auditor should consider the extent of involvement of the client's 
internal auditors in the performance of the audit. Although internal auditors must maintain 
objectivity and integrity, they are not independent of the client, their employer. Thus, the 
independent external auditor cannot share with the internal auditor any of the responsibility for 
audit decisions, judgments, or assessments made as part of the audit (such as those concerning 
materiality or accounting estimates), or any of the responsibility for issuing the report. 


1.1. Effect of the Internal Auditor's Work 


The work of an internal auditor may aid the external auditor in obtaining an understanding of 
the client's system of internal control, assessing risk, and performing substantive procedures. 
In judging the extent of the effect of the internal auditor's work, the CPA should consider the 
materiality of financial statement amounts, the risks of material misstatement, and the degree 
of subjectivity involved in evaluating evidence. 


For assertions related to material financial statement amounts with a high risk of material 
misstatement or a high degree of subjectivity, the internal auditor's work alone cannot eliminate 
direct testing by the CPA (e.g., assertions about the valuation of assets/liabilities involving 
significant accounting estimates, or assertions about the existence/disclosure of related party 
transactions, contingencies, uncertainties, and subsequent events). 


For assertions related to less material financial statement amounts with a low risk of material 
misstatement or a low degree of subjectivity, direct testing by the CPA may not be necessary 
(e.g., assertions about the existence of cash, prepaid assets, or fixed asset additions). 


1.2 Direct Assistance Provided by the Internal Auditor 


An external auditor may request that the internal auditor perform a specific task to aid in the 
conduct of the audit. The external auditor should supervise, review, evaluate, and test the work 
performed, and there should be communication between the auditors regarding responsibilities, 
objectives, and accounting/auditing issues. 


1.3. External Auditor Responsibilities 


1.3.1 Obtain an Understanding of the Internal Audit Function 


Since internal auditors often review and assess an entity's controls, the internal audit function is 
considered to be part of the monitoring component of the client's system of internal control. The 
external auditor should therefore obtain an understanding of the internal audit function (scope 
of activities, procedures used, access to records) and determine whether any internal audit 
activities are relevant to the audit. 
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1.3.2 Evaluate the Internal Audit Function 


The external auditor may use the internal auditors to provide direct assistance or use the work 
of the internal audit function in obtaining audit evidence. 


= Direct Assistance: If the auditor plans to use the internal auditors to provide direct 
assistance, the internal auditor's competence and objectivity must be assessed. 


= Use of Work of Internal Auditor: The external auditor may be able to use the work of the 
internal audit function in obtaining audit evidence depending on the competency of the 
internal audit function, objectivity of the internal auditors, and whether the internal audit 
function applies a systematic and disciplined approach, including quality control. 


e Competence is reflected by education, professional certification, experience, 
performance evaluations, the audit plan, audit procedures, and the quality of internal 
audit documentation. 


e Objectivity is reflected by the organizational level to which the internal auditor 
reports, as well as by policies prohibiting audits of areas in which the internal auditor 
lacks independence. 


e Application of a systematic and disciplined approach is reflected by the existence, 
adequacy, and use of documented internal audit procedures or guidance covering such 
areas as risk assessments, work programs, documentation, and reporting. In addition, 
the internal audit function may demonstrate a systematic and disciplined approach 
by applying appropriate quality control policies and procedures or quality control 
requirements in standards set by relevant professional bodies for internal auditors. 


= Supervise and Review: The external auditor should supervise and review all work 
performed on the audit. 


= Bear Responsibility: The external auditor remains solely responsible for the report on the 
financial statements. Although internal auditors may assist with regard to routine tasks, 
they may not be utilized to make judgment calls. These remain the responsibility of the 
independent auditor. 


2 Using the Work of a Specialist 


An auditor may decide during planning that it is necessary to use the work of a specialist in 
order to obtain competent audit evidence related to balances, transactions, or disclosures that 
are material to the fair presentation of financial statements. In addition, the entity may use the 
work of a specialist to assist the entity in the preparation of the financial statements. 


2.1. Wholsa Specialist? 


A specialist is a person or firm with special skills in a field other than accounting or auditing 
(e.g., actuaries, appraisers, attorneys and engineers). 


= Auditor's Specialist: An auditor's specialist is an individual or organization whose work in a 
field other than accounting or auditing is used by the auditor to assist in obtaining sufficient 
appropriate audit evidence. An auditor's specialist may be an internal specialist employed 
by the auditor's firm or a network firm, or an external specialist. 


= Management's Specialist: Management's specialist is an individual or organization whose 
work in a field other than accounting or auditing is used by the entity to assist the entity in 
preparing the financial statements. 
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PCAOB Standards: Guidance for Issuers 


The guidance for using the work of specialists and supervising specialists is similar 
under PCAOB and SAS standards. However, the PCAOB standards use terms that 
are different from the SASs: 


Internal auditor specialist 


(employed by auditor's firm) Auditor-employed specialist 


External auditor specialist Auditor-engaged specialist 


| Management specialist Company specialist 


2.2 Use of an Auditor's Specialist 


2.2.1 Determine the Need for an Auditor's Specialist 


An auditor's specialist may be engaged whenever the auditor believes that it is desirable or 
necessary. For example, specialists may be used to: 


= Value restricted securities and works of art. 


= Determine physical characteristics (e.g., related to mineral reserves or large quantities of 
fungible goods). 


=m Determine specialized estimates, such as actuarial calculations used to determine employee 
benefit obligations. 


m= Interpret technical standards or legal documents. 


2.2.2 Understand the Specialist's Field of Expertise 


The auditor should have a sufficient understanding of the specialist's field of expertise to enable 
the auditor to: 


1. determine the nature, scope, and objectives of the work of the auditor's specialist; and 


2. evaluate the relevance, reliability, and adequacy of the specialist's work for the 
auditor's purposes. 


2.2.3 Competence, Capabilities, and Objectivity 


The auditor must be satisfied as to the professional competence, capabilities, and objectivity of the 
specialist, including, for an external (auditor-engaged) specialist, the entity employing the specialist. 
To assess competence and capability, the auditor should obtain an understanding of the specialist's 
(and when applicable, the employer of the specialist's) professional certification, experience, and 
reputation. The auditor should evaluate whether the specialist may have a relationship with the 
entity that may affect the specialist's objectivity (e.g., review engagement contracts between the 
entity and specialist, responses to questionnaires about business or family relationships). 


Generally, a specialist who is unrelated to the client will provide the auditor with greater 
assurance of reliability, although the auditor should inquire regarding interests and relationships 
that may create a threat to objectivity. A specialist who is related to the client may be acceptable 
in some circumstances. The auditor should perform additional procedures when a relationship 
between the entity and the auditor's specialist might impair the objectivity of the specialist. 
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2.2.4 Agreement With the Auditor's Specialist 


The auditor should agree, in writing when appropriate, with the auditor's specialist (whether 
internal or external) regarding: 


1. the nature, scope, and objectives of the work of the auditor's specialist; 


2. the respective roles and responsibilities of the auditor and the auditor's specialist, including the 
specialist's responsibility for evaluating source data, methods, and significant assumptions; 


3. the nature, timing, and extent of communication between the auditor and the auditor's 
specialist; and 


4. the need for the auditor's specialist to observe confidentiality requirements. 


2.2.5 Evaluate the Adequacy of Work 


The auditor should perform specific procedures to evaluate the relevance, reliability, and 
adequacy of the work of the auditor's specialist, which may include the following: 


m Making inquiries of the auditor's specialist. 


= Reviewing the working papers, including the data, significant assumptions, and methods 
used by the specialist. 


e For data based on company-produced data, test the accuracy and completeness of data. 
e For data based on external data, evaluate the relevance and reliability of data. 


e For significant assumptions, obtaining an understanding and evaluating the 
assumptions, including determining the consistency of assumptions with relevant 
information (existing marketing information, assumptions generally accepted in the 
specialist field, company's objectives, historical experience, economic conditions). 


e For methods, determine whether the method is appropriate for the circumstances, 
taking into account the requirements of the applicable financial reporting framework. 


=m Reviewing reports of the auditor's specialist (including considering any limitations in the report). 
=m Performing procedures, such as: 
e Observing the work of the auditor's specialist. 
e — Examining published data, such as statistical reports from reputable, authoritative sources. 
e Confirming relevant matters with third parties. 
e Performing detailed analytical procedures. 
e Reperforming calculations. 


= Engaging in discussion with another specialist with relevant expertise when, for example, 
the findings or conclusions of the auditor's specialist are not consistent with other 
audit evidence. 


= Discussing the report of the auditor's specialist with management. 


2.2.6 Extent of Evidence 
The necessary extent of evidence from the specialist depends on: 


m= the significance of the specialist's work to the auditor's conclusion regarding the 
relevant assertion and to the overall context of the audit; 


=m the risk of material misstatement in the matter to which the specialist's work relates; and 


=m the knowledge, skill, and ability of the specialist. 
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2.2.7 Effect on the Auditor's Report 


If the specialist's findings indicate that the financial statements are not in conformity with 
GAAP, a qualified or adverse opinion would be issued. An unresolved difference between the 
specialist's findings and the financial statements, or an unresolved disagreement between the 
auditor and the specialist, would lead to a qualified opinion or disclaimer of opinion due to a 
scope limitation. If, as a result of the work performed by the specialist, the auditor decides to 
express a modified opinion or add explanatory language, the auditor may refer to the specialist 
in the report and should indicate that the reference to the specialist does not reduce the 
auditor's responsibility for the audit opinion. In addition, an auditor of an issuer or nonissuer 
may reference the specialist if it helps the users understand a critical audit matter or key audit 
matter. The auditor may need the permission of the auditor's specialist before making reference 
to the specialist in the report. If the auditor is expressing an unmodified (unqualified) opinion, 
no reference should be made to the work of the specialist. 


2.3. Use of a Management's Specialist 


If information to be used as audit evidence is prepared using the work of a management's 
specialist, the auditor should: 


1. evaluate the competence, capabilities, and objectivity of the specialist; 
2. obtain an understanding of the work of the specialist; and 


3. evaluate the appropriateness of the specialist's work as audit evidence for the 
relevant assertion. 


2.3.1 Nature, Timing, and Extent of Procedures when Using a Management's Specialist 


The nature, timing, and extent of procedures performed by the auditor when evaluating the 
work of a management's specialist will vary based on the specific circumstances. The extent of 
the evaluation performed by the auditor may be impacted by factors such as: 


= The complexity of the matter to which the specialist's work relates and the nature and scope 
of their work 


= The risk of material misstatement of the matter 
= The availability of other sources of audit evidence related to the matter 


= The relationship between the client and the specialist, including consideration of whether 
the client can exercise influence or control over the specialist 


= Nature of any controls related to the work of the specialist 


= The auditor's knowledge and expertise in the related field and any previous experience with 
the management's specialist 


As the significance of the work of the management's specialist, the related risk of material 
misstatement at the assertion level, or the ability of management to influence the specialist 
increases, more persuasive audit evidence should be obtained. Additionally, more audit 
evidence is needed when the auditor's confidence in the competence, capabilities, and 
objectivity of the specialist decreases. 


2.3.2 Evaluating the Work of a Management's Specialist 


The auditor must first obtain an understanding of the work of the performed by the 
management's specialist, including the relevant field of expertise. This will aid the auditor in 
understanding the work and help to determine if the auditor has the appropriate expertise to 
evaluate the work of the specialist. An auditor's specialist may be necessary when the auditor 
does not have adequate knowledge or experience in the relevant area. 


© Becker Professional Education Corporation. All rights reserved. Module 6 A2-55 


Using the Work of Others AUD 2 


When evaluating the appropriateness of the work of the management's specialist as audit 
evidence for the relevant assertion, the auditor should consider the following: 


= If significant assumptions were used, the appropriateness of those assumptions and the 
consistency with other relevant information. 


=m The appropriateness of the methods used, considering the requirements of the applicable 
financial reporting framework. 


=m The relevance and reliability of the source data used by the specialist. 


Ultimately, the auditor must assess the relevance and reasonableness of the specialist's 
findings, the consistency of the findings with other audit evidence, and whether the findings are 
appropriately reflected in the client's financial statements. 


3 Using the Work of an IT Auditor 


When planning the audit, the auditor must consider the impact of information technology on the 
entity's financial information. Information technology auditing is a specialized area of auditing; 
therefore, someone possessing specialized knowledge in information technology participating in 
the audit is called an IT auditor, not a specialist. 


The audit engagement partner must consider the appropriate competence and capabilities 
expected of the engagement team as a whole, which includes technical expertise, including 
expertise with relevant IT and specialized areas of accounting or auditing. IT auditors may be 
added to the engagement team in order to assess or test internal controls or to address risks of 
misstatements. IT auditors are considered members of the engagement team. 


3.1 Planning to Use an IT Auditor as a Member 
of the Engagement Team 


An IT auditor may be used throughout the audit. Areas in which an IT auditor may be used 
include obtaining an understanding of internal control, assessing risks, and performing control 
test work and substantive procedures. 


In planning for the IT auditor's work, the auditor should consider materiality, the risks of material 
misstatement, and the degree of subjectivity involved in evaluating evidence. 


As with other members of the engagement team, an IT auditor must be informed about his or 
her role in the audit, including: 


= The IT auditor's responsibilities, including the need to comply with relevant ethical 
requirements and to plan and perform an audit with professional skepticism. 


The objectives of the work to be performed. 
The nature of the entity's business. 
Risk-related issues. 


Problems that may arise. 


The detailed approach to the performance of the engagement. 
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3.2. Direction and Supervision of the IT Auditor 


The general principles and responsibilities that the audit engagement partner has to direct all 
team members applies to the IT auditor, including: 


=m Agreeing with the IT auditor on the nature, scope, and objectives of the IT auditor's work. 


=m Agreeing to the nature, extent, and timing of communication between the IT auditor and 
other members of the engagement team. 


= Evaluating the adequacy of the IT auditor's work, including the relevance and 
reasonableness of the findings or conclusions and the consistency of those findings or 
conclusions with other audit evidence. 


The audit partner supervises and reviews the work performed on the audit, including the work 
performed by any IT auditors. The audit partner remains responsible for the report on the 
financial statements. 


An IT auditor, like other members of the engagement team, has a professional responsibility to 
bring to the attention of appropriate personnel any matters that, in the IT auditor's professional 
judgment, are difficult or contentious and may require consultation. 


4 Using the Work of a Component Auditor 


During planning, an auditor of group financial statements (group auditor) may decide that it is 
necessary to use the work of a component auditor. The requirements discussed below apply 
regardless of whether the group auditor decides to make reference to the component auditor in 
the auditor's report on the group financial statements or to assume responsibility for the work 
of component auditors. 


4.1 Wholsa Component Auditor? 


A component auditor performs work on the financial information of a component that will 
be used as audit evidence for a group audit. A component auditor may be part of the group 
engagement's firm or a network firm, or another firm. 


4.2. Determine the Need for a Component Auditor 


The group auditor is responsible for the direction, supervision, and performance of the group 
audit engagement and for determining whether the issued auditor's report is appropriate. 


A component auditor may be engaged for several reasons. For example, a component auditor may: 
= Beneeded to obtain sufficient appropriate audit evidence over a component. 
= Berequired by law or regulation. 


=m Have been engaged by component management for another reason to express an audit 
opinion on the financial statements of a component. 
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4.3. Competence, Capabilities, and Objectivity 


Regardless of whether the group auditor will reference the component auditor in the auditor's 
report on the group financial statements, the group engagement team should obtain an 
understanding of the following: 


=m Whether the component auditor is independent. 


m= Whether the component auditor understands and will comply with the ethical requirements 
that are relevant to the group. 


= The component auditor's professional competence. 


= The extent, if any, to which the group engagement team will be involved in the work of the 
component auditor. 


m Whether the group engagement team will be able to obtain information affecting the 
consolidation process from a component auditor. 


m= Whether a component auditor operates in a regulatory environment that actively 
oversees auditors. 


4.4 Agreement With the Component Auditor 


The group auditor should provide instructions to the component auditor and agree, in writing, 
with the component auditor regarding: 


=m the nature, scope, and objectives of the work of the component auditor; 


=m the respective roles and responsibilities of the group auditor and the component 
auditor; and 


=m the nature, extent, and timing of communication between the group auditor and the 
component auditor. 


4.5 Evaluate the Adequacy of the Component Auditor's Work 


Based on the agreement between the group and component auditor, the group auditor will 
review communication from the component auditor that must include: 


m Whether the component auditor has complied with the group engagement team's 
requirements. 


= Noncompliance with laws or regulations at a component or group level that could give rise 
to a material misstatement of the group financial statements. 


= Significant risks of material misstatement of the group financial statements identified by the 
component auditor in the component and the component auditor's responses to such risks. 


= Alist of corrected and uncorrected misstatements of the financial information of the 
component. 


= Indicators of possible management bias regarding accounting estimates and the application 
of accounting principles. 


= Description of any identified material weaknesses and significant deficiencies in internal 
control at the component. 


= Other significant findings and issues that the component auditor communicated or will 
communicate to those charged with governance of the component. 


=m Any other matters that may be relevant to the group audit. 


A2-58 Module 6 © Becker Professional Education Corporation. All rights reserved. 


AUD 2 Using the Work of Others 


After reviewing the communication from the component auditor, the group auditor should 
determine whether it is necessary to review other relevant parts of a component auditor's audit 
documentation. 


4.6 Extent of Evidence 


If the group auditor is assuming responsibility for the component auditor's work, the group 
auditor should be involved in the risk assessment of the component to identify significant risks 
of material misstatement of the group financial statements. 


The nature, extent, and timing of this involvement may vary depending on the group auditor's 
understanding of the component auditor. At the minimum, it should include the following: 


= Discussing with the component auditor the component's business activities that are 
significant to the group. 


= Discussing with the component auditor the susceptibility of the component to material 
misstatement. 


The type of work to be performed on the financial information of components depends on 
the significance of the component to the group financial statements. The significance may 
be in terms of financial significance or its likelihood to include significant risks of material 
misstatement of the group financial statements. 


4.7 Effect on the Auditor's Report 


When the group auditor decides to make reference to the audit of a component auditor in the 
auditor's report on the group financial statements, the report on the group financial statements 
should indicate: 


=m That the component was audited by the component auditor. 
=m The magnitude of the portion of the financial statements audited by the component auditor. 


= That the group auditor has taken responsibility for evaluating the adjustments to convert 
the component's financial statements to the financial reporting framework used by the 
group (if applicable). 


= That the component auditor performed additional audit procedures in order to meet 
the relevant requirements of GAAS (if the component auditor performed the audit of the 
component under different auditing standards). 
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NOTES 
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1 Overview 


When establishing the audit strategy, the auditor should determine materiality for the financial 
statements as a whole, performance materiality, and, when necessary, materiality levels for 
particular classes of transactions, account balances, or disclosures. 


1.1. Materiality for Financial Statements as a Whole 


The auditor should determine the materiality level for the financial statements as a whole. 
Misstatements, including omissions, are considered material if there is a substantial likelinood 
that, individually or in the aggregate, they would influence the judgment made by a reasonable 
user based on the financial statements. 


Va Pass Key 


The Supreme Court of the United States has held that a fact is material under federal 
securities laws if there is "a substantial likelihood that the... fact would have been viewed 
by the reasonable investor as having significantly altered the 'total mix' of information 
available." The Supreme Court has also noted that determinations of materiality require 
"delicate assessments of the inferences a 'reasonable shareholder’ would draw from a 
given set of facts and the significance of those inferences to him... ." 


1.1.1 Needs of Users 


Materiality is influenced by the auditor's perception of the needs of financial statement users. 
Users are assumed to: 


= Have appropriate knowledge of business, the economy, and accounting. 

=m Recognize that financial statements inherently include some level of uncertainty. 

m= Understand how materiality affects both the preparation and audit of the financial statements. 
a 


Have both a willingness and an ability to properly analyze the financial statements, and to 
make reasonable judgments based on this analysis. 


1.1.2 Factors to Be Considered 


Materiality is based on professional judgment. Ordinarily it is not practical to design audit 
procedures to detect misstatements that are material based solely on qualitative factors. 
Therefore, both qualitative and quantitative factors must be considered when setting materiality 
for the financial statements as a whole. The materiality level for the financial statements as 

a whole needs to be expressed as a specified amount. When determining materiality, the 
auditor should use the smallest level of misstatement that could be material to any one of the 
financial statements. 
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The following factors are used to make the preliminary determination of materiality: 


= The application of a percentage to an appropriate financial statement benchmark. The 
financial statements used may be the entity's annualized interim financial statements or its 
prior period annual financial statements. 


m= When identifying the appropriate benchmark to use to determine materiality, the auditor 
should consider: 


e Whether there are financial statement items on which users focus their attention when 
evaluating the entity's financial position or performance. 


e The nature of the entity and its industry. 
e The size of the entity, the nature of its ownership, and its methods of financing. 


e Examples of materiality benchmarks, including total revenue, gross profit, profit before 
tax from continuing operations, and net assets. 


= Prior period financial results, period-to-date financial results and position, and current 
period budgets and forecasts. 


= Any significant known or expected changes in the entity's circumstances. 


m= Changes in the conditions of the industry or the economy as a whole. 


PCAOB Standards: Guidance for Issuers 


PCAOB standards state that separate lower materiality levels should be set 
for particular accounts or disclosures when there is a substantial likelihood 
that misstatements of amounts less than the materiality level established 
for the financial statements as a whole would influence the judgment of a 
reasonable investor. 


1.2 Performance Materiality 


Performance materiality is the amount or amounts set by the auditor at less than materiality 
for the financial statements as a whole to reduce to an appropriately low level the probability 
that the aggregate of uncorrected and undetected misstatements exceeds materiality for the 
financial statement as a whole. The auditor should determine performance materiality for 
purposes of assessing the risks of material misstatement and determining the nature, timing, 
and extent of further audit procedures. 


1.2.1 Tolerable Misstatement 


Tolerable misstatement is the maximum error in a population that the auditor is willing to 
accept. Tolerable misstatement is the application of performance materiality to a particular 
sampling procedure. 


For multilocation audits, the tolerable misstatement for an individual location should be less 
than the materiality level for the financial statements as a whole. 


A2-62 Module 7 © Becker Professional Education Corporation. All rights reserved. 


AUD 2 Materiality 


Example 1 Determining Materiality 


Facts: Evan, senior accountant at Noah CPA firm, is determining the overall financial 
statement materiality and tolerable misstatement for his client in Year 2. Evan expects that 
there will be a low likelihood of uncorrected and undetected misstatements. 


Noah CPA firm's materiality guidelines are as follows: 


e Overall financial statement materiality should be based on the benchmark of either 
total assets or gross revenue, whichever is larger, and should be calculated by taking the 
appropriate benchmark and multiplying it by either 1 percent, if the benchmark is total 
assets, or 0.5 percent, if the benchmark is gross revenue. 


e Tolerable misstatement is calculated by multiplying the overall materiality by either 70 
percent (for low likelihood of uncorrected and undetected misstatements) or 50 percent 
(for high likelihood of uncorrected and undetected misstatements). 


Selected financial information: 

e Revenue: $2,500,000 

© Gross profit: $50,000 

e Total assets: $1,750,000 

e Stockholders' equity: $750,000 

Required: Calculate overall financial statement materiality and tolerable misstatement. 
Solution: 


Overall materiality = Applicable benchmark x applicable percentage 
Overall materiality = $2,500,000 x 0.005 
Overall materiality = $12,500 


Tolerable misstatement = Qverall materiality x applicable percentage 
Tolerable misstatement = $12,500 x 0.7 
Tolerable misstatement = $8,750 
Note: The applicable percentage and determination of the benchmark vary by CPA firm. 


Therefore, on the exam, it is important to read the facts to determine the appropriate 
benchmark, percentage, and formula that should be used. 


1.3. Materiality for Particular Classes of Transactions, 
Account Balances, or Disclosures 


In the specific circumstances of an entity, there may be one or more particular classes of 
transactions, account balances, or disclosures for which misstatements of a lesser amount than 
materiality for the financial statements as a whole would influence the judgment made by a 
reasonable user. When this is the case, the auditor should determine the separate materiality 
levels to be applied to those classes of transactions, account balances, or disclosures. 
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1.4 Materiality in Group Audits 


In a group audit, the group engagement team should do the following when making its 
preliminary determination of materiality: 


1. Establish materiality, including performance materiality, for the group financial statements 
as a whole. 


2. Determine materiality to be applied to particular classes of transactions, account balances, 
or disclosures in the group financial statements for which misstatements of lesser amounts 
than materiality for the group financial statements as a whole would influence the judgment 
made by a reasonable user based on the financial statements. 


3. Determine component materiality for those components on which the group engagement 
team will perform, or request a component auditor to perform, an audit or review. 
Component materiality should be determined taking into account all components and 
should be lower than materiality for the group financial statements as a whole. Component 
performance materiality should be lower than performance materiality for the group 
financial statements as a whole. 


4. Determine the threshold above which misstatements cannot be regarded as clearly trivial to 
the group financial statements. 


1.5 Revising the Assessment of Materiality 


The preliminary determination of materiality ordinarily will be revised as the audit progresses. 
The auditor should consider whether the audit plan and the nature, extent, and timing of audit 
procedures need to be modified in response to any change in the determination of materiality, 
and should not assume that a misstatement is an isolated occurrence. 


Examples of situations that would require a reevaluation of established materiality levels or 
tolerable misstatement: 


=  Materiality levels and tolerable misstatement were originally based on estimated or 
preliminary financial statement amounts that differ significantly from actual amounts. 


m= Events or changes (e.g., changes in laws, regulations, the financial reporting framework, 
or contractual agreements) that occurred after the materiality levels and tolerable 
misstatement were established are likely to affect investors' perceptions about the 
company's financial statements. 
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1 Overview 


1.1 What Is Audit Risk? 


Audit risk is the risk that the auditor may unknowingly fail to appropriately modify the opinion 
on financial statements that are materially misstated. 


= Audit risk arises because the auditor obtains only reasonable (and not absolute) assurance 
about whether the financial statements are free of material misstatement. 


= Audit risk should be reduced to an appropriately low level before an opinion on the financial 
statements is expressed. 
1.2 What Is Material Misstatement? 


A material misstatement is defined as an omission or misstatement of accounting information that, 
in light of surrounding circumstances, makes it probable that the judgment of a reasonable person 
relying on the information would have been changed or influenced by the omission or misstatement. 


Misstatements can result from errors, which are unintentional, or fraud, which is intentional. 
Misstatements include: 


®™  Inaccuracies in the collection or processing of data 
Departures from generally accepted accounting principles 
Omissions 

Incorrect estimates or judgments 


Inappropriate selection or application of accounting policies 


Inappropriate classification, aggregation, or disaggregation of information 


The auditor should consider what level of misstatement would be material, either alone or when 
aggregated with other misstatements. 


1.2.1 Types of Misstatements 


Misstatements may be described as factual misstatements, judgmental misstatements, or 
projected misstatements. 


= Factual Misstatements: Factual misstatements are misstatements about which there is 
no doubt. 


= Judgmental Misstatements: Judgmental misstatements are differences arising from 
the judgments of management, including those concerning recognition, measurement, 
presentation, and disclosure in the financial statements (including the selection or 
application of accounting policies that the auditor considers unreasonable or inappropriate). 


= Projected Misstatements: Projected misstatements are the auditor's best estimate of 
misstatements in populations, involving the projection of misstatements identified in audit 
samples to the entire population from which the samples were drawn. 
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2 Audit Risk Model 


Audit risk comprises the risk that the financial statements are materially misstated 
(risk of material misstatement, or RMM) and the risk that the auditor will not detect such 
misstatements (detection risk, or DR). 


AR RMM DR 
Audit risk = Risk of material misstatement x Detection risk 
(should be low) (assessed by auditor) (controlled by auditor) 


The components of audit risk may be assessed either quantitatively (e.g., as a percentage), or 
nonquantitatively (e.g., high, medium, low, etc.). 


2.1 Risk of Material Misstatement (RMM = IR x CR) 


The auditor makes an assessment of the risks of material misstatement by performing 
risk assessment procedures and, where appropriate, tests of controls. A risk of 
material misstatement exists when there is a reasonable possibility of a misstatement 
occurring (likelihood), and if it were to occur, there is a reasonable possibility of it being 
material (magnitude). 


The assessment of the risks of material misstatement includes the assessment of the entity's 
inherent risk (IR) and control risk (CR). For identified risks of material misstatement, the auditor 
must perform a separate assessment of inherent risk and control risk. 


2.2 Inherent Risk (IR) 


Inherent risk is the susceptibility of an assertion about a class of transactions, account balance, 
or disclosure to a material misstatement, before the consideration of any related controls. 
Inherent risk factors are the characteristics about events or conditions that cause such risk. 
Such risk factors may be qualitative or quantitative and include factors such as complexity, 
subjectivity, change, uncertainty, and susceptibility to management bias. 


Depending on the degree to which the inherent risk factors exist, the level of inherent risk 
assessment varies on a scale that is referred to as the spectrum of inherent risk. The spectrum 
of inherent risk provides a frame of reference in determining the significance of the combination 
of the likelihood and magnitude of misstatement. 


An auditor assesses inherent risk as high on the spectrum of inherent risk if the account is more 
likely to contain a material misstatement. Assertions involving the following factors generally 
have a high inherent risk: 


= high-volume, unique, or individually significant transactions 
= complex or subjective calculations 

= amounts derived from estimates 
ws 


cash 
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Other factors specific to the entity and its environment may also tend to increase inherent risk, 
such as: 


=m technology that renders a product obsolete; 
= alack of working capital; or 
=m adecline in the overall industry or economy. 


Business risk factors identified when the auditor obtained an understanding of the entity and its 
environment may also increase inherent risk. 


An auditor assesses inherent risk as low on the spectrum of inherent risk if the account is not 
likely to contain a material misstatement. 


2.3. Control Risk (CR) 


Control risk is the risk that a material misstatement that could occur in an assertion about a 
class of transactions, account balance, or disclosure will not be prevented or detected (and 
corrected) on a timely basis by the entity's system of internal control. Control risk is a function 
of the effectiveness of the design and operation of controls. Some amount of control risk will 
always exist due to inherent limitations of any system of internal control. 


An auditor assesses control risk as high if: 

=m there are no effective controls relative to the specific assertion; 

m= the implemented controls are not operating effectively; or 

= risk for the particular assertion may be addressed by performing only substantive procedures. 


When the auditor does not plan to test the operating effectiveness of controls, the auditor 
should assess the control risk at the maximum level. In these instances, the risk of material 
misstatement is the same as the assessment of inherent risk. Even when the auditor does 

not intend to rely on the operating effectiveness of the control to reduce the control risk 
assessment, the auditor may still use the evaluation of the design and implementation of such 
controls to assist in designing effective substantive procedures. 


Yas Pass Key 


Inherent risk and control risk exist independently of the audit, and the auditor generally 
cannot change these risks. However the auditor can change his or her assessment of these 
risks as the audit progresses. Many exam questions present a change in the auditor's 
assessed level of risk and require the candidate to determine the effect of this change. 


2.4 Detection Risk (DR) 


Detection risk is the risk that the auditor will not detect a material misstatement that exists in 
a relevant assertion. Detection risk is a function of the effectiveness of audit procedures and of 
the manner in which they are applied. 


= Some amount of detection risk will always exist because the auditor does not typically 
examine 100 percent of an account balance or transaction class, and because the auditor 
may make mistakes in applying audit procedures or in interpreting results. 


= Detection risk can be subdivided into tests of details risk and substantive analytical 
procedures risk. 
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2.5 Effect on the Audit 


The auditor's overall judgment about the level of risk in an engagement will affect the staffing, 
level of supervision, and scope of the audit. Auditors use professional judgment to assess each 
aspect of audit risk, but they only can control the level of detection risk. The auditor uses his or 
her assessment of the risks of material misstatement as a basis for determining an appropriate 
level of detection risk. The auditor should evaluate whether the audit evidence obtained from the 
risk assessment procedures provide an appropriate basis for the identification and assessment 
of the risks of material misstatement. If not, additional procedures should be performed. As the 
audit progresses and new information is obtained, the auditor should continue to evaluate if any 
changes in the assessment of the risk of material misstatement are necessary. 


2.5.1 Inverse Relationship of RMM to DR 


When the auditor determines that the risk of material misstatement is high, detection risk 
should be set at a low level. Conversely, when the risk of material misstatement is low, the 
auditor can justify a higher detection risk. 

2.5.2. The Auditor Controls Detection Risk 


The auditor's determination of detection risk will have a direct effect on the nature, extent, and 
timing of audit procedures performed. For example, as the acceptable level of detection risk 
decreases, the assurance provided from substantive procedures should increase. To ensure a 
low level of detection risk, the auditor may: 


1. Change the nature of substantive tests from a less effective to a more effective procedure 
(e.g., direct test toward independent parties outside the entity rather than toward parties or 
documentation inside the entity). 


Change the extent of substantive tests (e.g., use a larger sample size). 


Change the timing of substantive tests (e.g., perform substantive tests at year-end rather 
than at interim). 


Alternatively, if the acceptable level of detection risk is higher, the assurance that must be 
obtained from substantive tests decreases, allowing for somewhat less persuasive evidence 
to be used, for a reduction in the extent of testing, or for more testing to be performed on an 
interim basis. 


2.5.3 Substantive Procedures Required 


Note that even when the assessed control risk is low, substantive procedures will always be 
necessary for each relevant assertion related to each significant transaction class, account 
balance, and disclosure. 


2.6 Summary of Audit Risk 


The audit risk equation is: 


AR = RMM*xDR = IRxCR*xDR 


The equation may be rewritten as follows: 


AR 
IRx CR 
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The steps required in assessing audit risk during engagement planning are as follows: 


Step 1: Determine audit risk. Audit risk is typically determined by the audit firm and is set at 
a low level to ensure that the auditor does not render an incorrect opinion. 


Note: Some exam questions related to determining detection risk may not discuss the level 
of audit risk. This is because audit risk is generally assumed to be assessed low. 


Step 2: Assess inherent risk. This determination is based on the auditor's understanding 
of the client. A high inherent risk means the accounts are likely to contain a material 
misstatement, and a low inherent risk means the accounts are less likely to be 
materially misstated. 


Step 3: Assess control risk. This determination is based on the auditor's understanding of 
the system of internal control, specifically the design and implementation of controls, and, if 
applicable, the operating effectiveness of controls. 


Note: A control risk assessment that is assessed as high will result in a risk of material 
misstatement that is equal to the inherent risk. If control risk is assessed below high, then 
the auditor needs to test controls to prove that the controls are operating effectively. 


Step 4: Determine detection risk based on the assessed levels of inherent risk and control 
risk. (Remember, IR x CR = Risk of material misstatement.) There is an inverse relationship 
between risk of material misstatement and detection risk. 


Example 1 Audit Risk Assessment 


Facts: Katie is auditing Sweet Strawberries' investment account. Sweet Strawberries 
engages in several complex transactions, including derivative transactions. Katie has 
tested Sweet Strawberries’ internal controls related to its derivative transactions and has 
determined that they are not operating effectively. 


Required: Determine the level of detection risk that Katie should set for the 
investment account. 


Solution: 


The acceptable level of detection risk is low because inherent risk and control risk are high. 


Inherent risk is high because derivative transactions are complex and are more likely to 
result in material misstatements. 


Control risk is high because tests of controls indicate that controls are not 
operating effectively. When control risk is assessed as high, inherent risk equals the risk 
of material misstatement. 


There is an inverse relationship between risk of material misstatement and detection 
risk. A high risk of material misstatement (due to the high inherent risk and high 
control risk) results in a low detection risk. 


Because the account is likely to contain misstatements (complex transactions and 
ineffective controls), Katie must obtain more persuasive evidence (e.g., testing closer to 
year-end, increasing sample size, and/or obtaining more reliable evidence). 
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Many exam questions deal with the relationship between the risk of material misstatement 
(RMM) and detection risk, or between RMM and substantive procedures. Although there 

is an inverse relationship between RMM and detection risk, there is a direct relationship 
between RMM and the assurance required from substantive procedures. In other words, 
greater risk requires more persuasive evidence, a larger sample size, and/or a shift from 
interim to year-end testing. 


3. Audit Risk and Materiality 


3.1 Overall Considerations 


Audit risk and materiality should be considered together in designing the nature, extent, and 
timing of audit procedures and in evaluating the results of those procedures. 


Considerations of audit risk and materiality are affected by the size and complexity of the entity, 
as well as the auditor's professional judgment, including their experience with and knowledge of 
the entity, its environment, and its system of internal control. The auditor should also consider 
the needs of the users of the financial statements in determining whether an account balance, 
class of transactions, or disclosure may be material. 


Audit risk and materiality must be considered at both the financial statement level and the 
account balance, individual transaction class, or disclosure item level. A class of transaction, 
account balance, or disclosure is significant when there is an identified risk of material 
misstatement at the assertion level (that is, one or more relevant assertions). A class of 
transaction, account balance, or disclosure is material if there is a substantial likelihood that 
omitting or misstating would influence the judgment of a reasonable financial statement user. 
When there is a material class of transaction, account balance, or disclosure item that is not 
deemed to be significant (no relevant assertion identified), the auditor should assess whether 
that determination remains appropriate. 


3.2. Inverse Relationship Between Audit Risk and Materiality 


There is an inverse relationship between audit risk and materiality. The risk of a very large 
misstatement may be low, whereas the risk of a small misstatement may be high. Also, the more 
material a misstatement is, the /ess /ikely it is that the auditor will not detect it. 
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1 Overview of Fraud 


1.1. Fraud vs. Error 


= Error: Errors are unintentional misstatements or omissions of amounts or disclosures 
in the financial statements. They include mistakes in gathering or processing accounting 
data; inaccurate accounting estimates; inappropriate classification, aggregation, or 
disaggregation of information; and misunderstanding or unintentional misapplication 
of accounting principles. 


= Fraud: Fraud is an intentional act by one or more individuals anong management, those 
charged with governance, employees, or third parties involving the use of deception that 
results in a misstatement of the financial statements. 


1.2. Types of Fraud 


Frauds can be categorized as either fraudulent financial reporting or misappropriation of assets. 


1.2.1 Fraudulent Financial Reporting 


Fraudulent financial reporting involves intentional misstatements or omissions of amounts or 
disclosures in the financial statements that are designed to deceive financial statement users. 
These are usually acts of management and may involve: 


= manipulation, falsification, or alteration of accounting records or supporting documents 
from which financial statements are prepared; 


= misrepresentation in, or intentional omission from, the financial statements of events, 
transactions, or other significant information; or 


= intentional misapplication of accounting principles relating to amounts, classification, 
manner of presentation, or disclosures. 


1.2.2 Misappropriation of Assets 


Misappropriation of assets, or defalcation, involves theft of an entity's assets when the effect 
of the theft causes the financial statements not to be presented in conformity with GAAP. 
These acts usually involve one or more individuals anong management, employees, or third 
parties, and may involve stealing assets or causing an entity to pay for something that has not 
been received. 
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1.3. Fraud Risk Factors 


Three conditions generally are present when fraud occurs. These conditions are referred to as 
"fraud risk factors," and the auditor considers such factors when assessing fraud risk. 


1. Incentives/Pressures: a reason to commit fraud. 
2. Opportunity: a lack of effective controls. 
3. Rationalization/Attitude: an attempt to justify fraudulent behavior. 


Fraud risk factors may be inherent risk factors when they relate to incentives, pressures, or 
opportunities that arise from conditions that create susceptibility to misstatement before the 
consideration of controls, such as intentional management bias. Alternatively, fraud risk factors 
may relate to conditions within the system of internal control that provide opportunity to 
commit or rationalize fraud. 


2 Consideration of Fraud During an Audit 


2.1 Reasonable Assurance 


Because of the concealment aspects of fraud and the need to apply judgment in evaluating 
fraud risk, even a properly planned and executed audit may fail to detect fraud. In expressing an 
audit opinion, the auditor provides only reasonable (not absolute) assurance that the financial 
statements are free of material misstatements resulting from errors or fraud. 


=m The risk of not detecting a material misstatement that results from fraud is higher than the 
risk of not detecting one that results from error. 


=m The risk of not detecting a material misstatement resulting from management fraud is 
greater than that for employee fraud because management is in a position to manipulate 
accounting records, present fraudulent financial information, or override controls. 


= Fraud is often difficult to detect because those engaged in fraud generally will try to conceal it. 
Collusion among various parties also can make it difficult to detect fraud. 


= The auditor's ability to detect fraud depends on the skillfulness of the perpetrator, the 
frequency and extent of manipulation, the degree of collusion involved, the relative size of 
the individual amounts manipulated, and the seniority of the individuals involved. 


2.2 Responsibility 


2.2.1 Management's Responsibility 


Management is responsible for designing and implementing programs and controls to prevent, 
deter, and detect fraud. 


2.2.2 Auditor's Responsibility 


The auditor has a responsibility to plan and perform the audit to obtain reasonable assurance 
about whether the financial statements are free of material misstatement, whether caused by 
error or fraud. As part of audit planning, the auditor must specifically assess the risk of material 
misstatement of the financial statements due to fraud and should consider this assessment 

in designing the audit procedures to be performed. This fraud risk assessment is an ongoing 
process and should be considered in every phase of the audit. 
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2.3. Audit Requirements 


2.3.1 Professional Skepticism 


The auditor should maintain an attitude of professional skepticism, which includes a questioning 
mind and a critical assessment of audit evidence, including the consideration of whether 
unconscious or conscious biases may impact auditor judgment. 


The auditor should consider that fraud can occur regardless of any past experience with 
the entity or any belief about management's honesty and integrity. The auditor should not 
rationalize or dismiss information that may be indicative of fraud. 


2.3.2 Audit Procedures 

The auditor should perform the following procedures: 
Discuss fraud risk with engagement personnel. 

Obtain information to identify specific fraud risks. 
Assess fraud risk and develop an appropriate response. 


Evaluate audit evidence regarding fraud. 


nee Ww oN > 


Make appropriate communications about fraud. 


6. Document the auditor's consideration of fraud. 


2.4 Required Discussion Among Engagement Personnel 


A discussion of the potential for material misstatement as the result of fraud is required as part 
of planning. 


The discussion should include: 
= Brainstorming regarding: 


e How and where the financial statements might be susceptible to material misstatement 
due to fraud, including consideration of material misstatements through related party 
transactions. 


e How management could perpetuate and conceal fraudulent financial reporting, 
including perpetuating and concealing material misstatements by omitting or 
presenting incomplete or inaccurate disclosures. 


e How assets could be misappropriated. 


e How the financial statements could be manipulated through management bias in 
accounting estimates in significant accounts and disclosures. 


= Anemphasis on the importance of professional skepticism. 


= Consideration of factors that create incentives or pressures to commit fraud and provide 
an opportunity for fraud to be perpetrated, or that indicate a culture or environment that 
enables management to rationalize committing fraud. 


= Consideration of the risk of management override of controls. 
= How the auditor might respond to identified fraud risks. 


The discussions should involve all key members of the audit team, including the engagement 
partner; may include specialists; and may occur in multiple locations. Communication should 
continue throughout the audit. 
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2.5 Obtaining Information 


The auditor should perform the following procedures to obtain information useful in identifying 
potential fraud risks. 


1. Inquire of Entity Personnel Regarding Their Views of Fraud Risk 


The auditor should direct inquiries to management, employees involved in financial 
reporting, operating personnel, internal auditors, in-house legal counsel, those charged with 
governance, etc. 


Inquiries should be made regarding: 
e The overall risk of fraud. 
e Identified or suspected instances of fraud. 


e The process for identifying and responding to fraud risk and controls established to 
address fraud risk. 


e The extent of oversight of distant locations and whether there are particular locations 
or business segments for which a fraud risk might be more likely to exist. 


e Communication of management's code of ethics. 


e Whether management has reported to those charged with governance regarding 
internal control and how it functions to prevent, deter, or detect material misstatement 
due to fraud. 


e What type of oversight the audit committee provides. 


e Whether management or those charged with governance received and responded to 
tips or complaints regarding the company's financial reporting. 


e The internal auditors' procedures performed to identify or detect fraud and whether 
management responded appropriately to any findings from those procedures. 


e Whether the company has entered into any significant unusual transactions. 
Inconsistent responses or responses that are otherwise unsatisfactory (e.g., vague or 
implausible responses) indicate a need for additional evidence. 


2. Consider the Results of Analytical Procedures 


e The auditor is required to perform analytical procedures in planning the audit, and 
should consider the implications of any unusual or unexpected relationships identified. 


e During planning, the auditor is specifically required to perform analytical procedures 
relating to revenue, in order to identify unusual relationships that might be indicative 
of fraud. 


e Analytical procedures performed during planning often use data aggregated at a high 
level, and therefore such procedures may provide only a broad indication regarding 
fraud risk. 
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3. Evaluate Fraud Risk Factors 


Three conditions (incentives/pressures, opportunity, and rationalization/attitude) generally 
are present when fraud occurs. The auditor should use professional judgment to determine 
whether and to what extent such conditions are present. 


e The risk of material misstatement due to fraud is greatest when all three risk factors 
are present, but the existence of all three fraud risk factors is not an absolute indication 
that fraud has occurred. 


e Lack of observation of any or all of the three fraud risk factors does not imply that there 
is no fraud risk. One condition may be significant enough on its own to cause a risk of 
material misstatement due to fraud. 


2.6 Identifying Risks 


The auditor should use the information gathered to identify risks that may result in a material 
misstatement (at either the financial statement or relevant assertion level) due to fraud. 


2.6.1 Attributes of Risk 

In analyzing risk, the following four attributes should be considered. 

= Type of Risk: Does it involve fraudulent financial reporting or misappropriation of assets? 
= Significance of the Risk: Can it lead to a material misstatement? 

= Likelihood of the Risk: How likely is this to happen? 
a 


Pervasiveness of the Risk: Does it affect the financial statements as a whole or only 
specific accounts, transactions, or assertions? 


2.6.2 Presumption of Risk 

There is a presumption in every audit that the following two risks exist: 
1. Improper revenue recognition 

2. Management override of controls 


These risks should be addressed by the auditor in evaluating the overall fraud risk. 


2.6.3. Additional Considerations 

The auditor should also consider the following factors. 

= Whether and to what extent the three fraud risk factors are present. 
=m The size, complexity, and ownership characteristics of the entity. 


e Large entities may have an audit committee, an internal audit function, or a formal code 
of conduct, all of which may serve to deter fraud. 


e Asmaller entity may lack such features; however, it may exhibit a strong corporate 
culture that discourages fraud. 


=m The susceptibility of items to manipulation. Items are more susceptible to manipulation 
when they involve: 


e  ahigh degree of management judgment and subjectivity; or 
e highly complex accounting principles. 


= How fraud can be perpetrated or concealed by presenting incomplete or inaccurate 
disclosures, or by omitting required disclosures. 
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2.6.4 Assessing Risks 


The auditor evaluates the identified fraud risks after considering the effect of the entity's 
programs and controls. 


= The auditor is required to obtain an understanding of the entity and its environment, as well 
as the applicable financial reporting framework, and the system of internal control, as part 
of planning the audit. 


= The auditor should treat the assessed risk of material misstatement due to fraud as a 
significant risk and should identify the entity's controls that address such risks and evaluate 
their design and determine whether they have been implemented. 


= Specific controls may mitigate specific risks; broader controls (such as those promoting 
a culture of honesty) may mitigate overall risk. 


= An identified control deficiency may increase the fraud risk assessment. 
2.7. Responding to Assessed Fraud Risk 
2.7.1 Required Response 


The auditor is required to respond to the results of the fraud risk assessment on three levels. 


1. Overall, General Response 
The auditor should consider the overall fraud risk when: 


e Assigning personnel to the engagement. 
e Determining the appropriate level of supervision of engagement personnel. 
e Evaluating management's selection and application of accounting principles. 


e Incorporating an appropriate level of unpredictability in the selection of auditing 
procedures from one year to the next. The auditor should incorporate an element of 
unpredictability into every audit. 


2. Response Encompassing Specific Audit Procedures 


The auditor should respond to specifically identified fraud risks by altering the nature, 
extent, or timing of audit procedures. Although the auditor's response may include both 
substantive tests and tests of controls, tests of controls alone generally are insufficient 
because of the risk of management override. 


3. Response Addressing Risks Related to Management Override 


The following procedures should be performed to address the risk of management override 
of controls. 


e Obtain an understanding of the entity's financial reporting process and controls over 
journal entries and other adjustments and determine whether the controls have 
been implemented. 


e Examine journal entries and other adjustments for evidence of possible material 
misstatement due to fraud. The auditor should consider fraud risk indicators, the 
nature and complexity of accounts, and unusual entries processed. For example, the 
auditor might focus on nonstandard or unusual entries. 


e — Review accounting estimates for biases that could result in material misstatement due to 
fraud. The auditor should also perform a retrospective review (comparing prior period 
estimates to actual subsequent events) to provide insight regarding management bias. 
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e Evaluate the business purpose for significant unusual transactions. For instance, 
the auditor might consider transactions that are overly complex or those where the 
accounting does not reflect the underlying substance of the transaction. Procedures 
may include obtaining and evaluating underlying documentation, requesting proof of 
authorization, and evaluating the accounting and disclosures related to the transaction. 


2.8 Evaluating Audit Evidence 


The auditor is required to assess fraud risk throughout the audit and to evaluate, at the 
completion of the audit, whether accumulated audit results affect this assessment. 


2.8.1 Conditions Identified During Fieldwork 


Certain conditions noted during fieldwork may affect the auditor's assessment of fraud risk. 
Although such conditions suggest the possibility of fraud, they are not absolute evidence that 
fraud has occurred. These conditions may include: 


= Discrepancies in the accounting records 
Conflicting or missing evidential matter 
Problematic relationships between the auditor and management 


Objections by management to the auditor meeting privately with the audit committee 


Accounting policies that appear inconsistent with industry practices that are widely 
recognized and prevalent 


=m Frequent changes in accounting estimates that do not appear to result from changing 
circumstances 


= Tolerance of violations of the company's code of conduct 


2.8.2 Analytical Procedures 


The results of analytical procedures performed by the auditor during or at the completion of the 
audit may indicate a fraud risk that was not previously identified. The auditor should pay careful 
attention to unusual relationships relating to year-end revenue and income. 


2.8.3. Misstatements Due to Fraud 


The auditor should consider whether any misstatements identified during the audit are 
indicative of fraud, and should evaluate the related implications. Misstatement caused by 
fraud (even immaterial misstatements) may be indicative of an underlying problem with 
management integrity. 


The auditor may need to reevaluate the assessment of fraud risk, the assessed effectiveness of 
controls, and the appropriateness of the audit procedures applied. 


2.8.4 Final Evaluation 


A final evaluation (at or near the completion of fieldwork) should be made regarding the 
assessment of the risks of material misstatement due to fraud. Such evaluation should include 
communication among engagement personnel and may indicate the need to perform additional 
audit procedures. In situations in which significant risk of material misstatement because of 
fraud remains, the auditor should consider withdrawing from the engagement. 


© Becker Professional Education Corporation. All rights reserved. Module 9 A2-77 


Fraud Risk AUD 2 


3 Communications 


3.1 Management and Those Charged With Governance 
Generally, any indication of fraud (even immaterial fraud) should be discussed with an 
appropriate level of management at least one level above those involved. 


= Fraud that causes a material misstatement of the financial statements should be discussed 
with senior management and reported directly to those charged with governance. 


m= Any fraud involving senior management, regardless of the effect on the financial statements, 
should be reported directly to those charged with governance. 


= The auditor should consider whether any identified risk factors represent significant 
deficiencies or material weaknesses relating to the entity's internal control. Such items 
should be communicated to senior management and those charged with governance. 


= The auditor may also choose to discuss identified fraud risks in other communications to 
those charged with governance. 


3.2 Parties Outside the Entity 


Ordinarily, the disclosure of fraud to parties outside of senior management and those charged 
with governance is not part of the auditor's responsibility. However, in certain circumstances, a 
duty to disclose outside the entity may exist, such as: 


= to comply with certain legal and regulatory requirements, such as on Form 8-K and on 
reports required by the Private Securities Litigation Reform Act of 1995. 


™ to asuccessor auditor when the successor makes inquiries of the predecessor auditor, with 
specific permission of the client. 


in response to a subpoena. 


to a funding agency or other specified agency in accordance with requirements for the 
auditors of entities that receive governmental financial assistance. 


=m in some circumstances, to authorities when management and those charged with 
governance fail to take corrective action. 


3.3. Documentation Requirements 


Complete documentation of the auditor's fraud risk assessment and response is required. The 
auditor should document the following items. 


= The planning discussion among engagement personnel regarding fraud risk, including how 
and when the discussion occurred, the participants, and the subject matter discussed. 


= The procedures performed to obtain information related to fraud risk. 


= Specific identified risks of material misstatement due to fraud at the financial statement and 
assertion level. 


= Identified controls in the control activities component that address the risk of material 
misstatement due to fraud. 


= Ifthe auditor has not identified improper revenue recognition as a fraud risk, support for 
this conclusion. 
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The results of procedures performed, including those designed to address the risk of 
management override of controls. 


= The nature of communications made about fraud. 


3.3.1 Sarbanes-Oxley Act 


Under the Sarbanes-Oxley Act, severe penalties apply to those who destroy records (or willfully 
fail to maintain them for at least seven years), commit securities fraud, or fail to report fraud. 
The statute of limitations for the discovery of fraud has also been extended by this act, and 


protections have been provided for corporate whistleblowers. 
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NOTES 
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Understanding the Entity 
and Its Environment 


1 ‘Risk Assessment Overview 


1.1. Purpose 


An auditor should perform risk assessment procedures, which enable the auditor to: 
= Identify and assess the risks of material misstatement. 
= Make informed judgments about other audit matters, including: 

e Materiality and tolerable misstatement. 

e The entity's selection and application of accounting procedures. 


e Areas relating to amounts or disclosures in the financial statements that are determined 
to be significant risks. 


e The development of expectations for analytical procedures. 


e The design and performance of further audit procedures, including tests of controls, 
when applicable, and substantive procedures. 


e The evaluation of audit evidence. 


1.2 Risk Assessment Procedures 

The auditor performs the following risk assessment procedures: 

= Obtain an understanding of the entity and its environment. 

= Obtain an understanding of internal control over financial reporting. 


= Inquire of the audit committee, management, and others within the company about the 
risks of material misstatement, including internal auditors (when relevant). 


= Perform analytical procedures to assist with planning by identifying inconsistencies, unusual 
transactions or events, and trends that may have audit implications. 


= Conduct a discussion among engagement team members regarding the risk of 
material misstatement. 


=m Perform other procedures. 


L Pass Key 


The auditor should design and perform risk assessment procedures in a manner that is not 
biased towards obtaining corroborative, rather than contradictory, audit evidence. 
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2 Risk Assessment Procedures and Considerations 


The auditor should use the following risk assessment procedures to obtain an understanding 
of the entity and its environment, including the applicable financial reporting framework and its 
system of internal control. 


2.1. Inquiries 


Inquiries are generally made of management, those responsible for financial reporting, and 
others within the entity. 


Inquiries of appropriate individuals who are responsible for different areas of a client's business 
or financial reporting process and at different levels of authority may provide the auditor 

with varying perspectives when identifying and assessing the risk of material misstatement. 
Auditors should consider discussions with those charged with governance, including the board 
of directors and audit committee, internal auditors, other internal groups (IT, marketing, risk 
management, in-house counsel), and parties outside the entity (external legal counsel, valuation 
experts, etc.). 


If an entity has an internal audit function, discussions and inquiries may provide the auditor with 
insight into the entity's operations and business risks along with any findings or deficiencies. 
Understanding such matters raised by the internal auditors and the outcomes of the entity's 
own risk assessment process are of particular relevance. 


The auditor should ensure the risk assessment procedures also include observation and 
inspection as such procedures may support, corroborate, or contradict inquiries of management 
and others. 


2.2 Analytical Procedures 


Analytical procedures are evaluations of financial information made by a study of plausible 
relationships among both financial and nonfinancial data. 


2.2.1. Analytical Procedures Required to Be Performed During Planning 


During planning, analytical procedures consist of a review of data aggregated at a high level, 
such as comparing financial statements to budgeted or anticipated results. 


Generally, financial data are used, although relevant nonfinancial data (e.g., number of 
employees, square footage of selling space, or volume of goods produced) and their 
relationships with related financial data may also be considered. The analytical procedures 
performed will vary based on the complexity of the entity. For example, the analytical procedure 
may consist of reviewing changes in account balances from the prior year to the current year 
using the unadjusted trial balance, and for others, it may be a more detailed analysis of a 
monthly or quarterly financial statement. 


Analytical procedures may be done using a variety of tools or techniques, including automated 
tools, such as a spreadsheet or a more sophisticated form of software used for performing audit 
data analytics. 
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The analytical procedures performed in planning assist in assessing the risk of material 
misstatement, including inherent risk factors, and determining the nature, extent, and timing 
of audit procedures that will be used to obtain audit evidence. To do this, analytical procedures 
used in planning focus on: 


m Enhancing the auditor's understanding of the entity and of transactions and events that 
have occurred since the last audit date. 


= Identifying unusual transactions and events, and amounts, ratios, unexpected relationships, 
or trends that might be significant to the financial statements and may help the auditor 
identify risks of material misstatement, especially related to fraud. 


Va Pass Key 


During planning, the auditor is specifically required to perform analytical procedures related 
to revenue in order to identify unusual or unexpected relationships that might indicate 
material misstatement, including material misstatement due to fraud. The auditor should 
also take into account analytical procedures performed during interim reviews (if performed). 


2.3. Risk Assessment Discussion 


The members of the audit team, including the auditor with final responsibility for the audit, other 
key members of the audit team, and specialists (as necessary), should discuss the application of 
the applicable financial reporting framework and the susceptibility of the financial statements to 
material misstatement. Professional skepticism is critical during the engagement team discussion 
and may lead to improved identification and assessment of the risk of material misstatement. 


If the audit involves multiple locations, then there can be multiple discussions. Important 
matters should be communicated to all engagement members not present for the discussion(s). 
This discussion: 


=m Can be held concurrently with the fraud risk discussion. 


=m Should include areas of significant audit risk, the company's selection and application 
of accounting principles, including disclosure requirements, areas involving unusual 
accounting procedures, important control systems, and materiality levels. 


=m Allows more experienced team members to share their insights with less experienced staff. 


=m Should emphasize the need to exercise professional skepticism, and to be alert for and 
rigorously investigate any potential misstatements, whether due to error or fraud. 


= Should continue throughout the audit, including when conditions change. 


2.4 Other Procedures 

The auditor should also consider: 

=m Reviewing external information (e.g., trade journals and analysts' reports). 
The results of the fraud risk assessment. 

Information obtained during the client acceptance or continuance process. 
Information obtained on other engagements performed for the entity. 


Prior period evidence, to the extent that it is still relevant. 
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2.5 Risk Assessment Procedures and Audit Evidence 


Risk assessment procedures sometimes provide audit evidence about transactions, balances, 
disclosures, or controls, even if they were not designed to provide such evidence. 


The auditor may also choose to perform substantive procedures or tests of controls 
concurrently with risk assessment procedures, if it is efficient to do so. 


2.6 Ongoing Assessment 


Risk assessment is a process that continues and evolves throughout the audit, and the auditor's 
assessment of risk may change as additional audit evidence is obtained. For example, the initial 
risk assessment may presume effective operation of controls, but: 


1. tests of controls may indicate that controls are not operating effectively at relevant times; or 


2. the auditor may detect misstatements in amounts or frequently greater than would have 
been expected given the initial risk assessment. 


In such situations, the auditor should revise the assessment and modify planned audit procedures. 


2.7. Scalability Considerations 


The size and complexity of an entity may determine the way in which the entity's system of 
internal control is designed, implemented, and maintained. A less complex entity may often use 
less formal means to achieve control objectives. For example, while a small or midsized entity 
may not have written or extensive policies and procedures manuals or an independent party 
charged with governance, its management may be more actively involved in financial reporting 
or may establish a corporate culture emphasizing integrity. The auditor must use his or her 
judgment to understand the components of the system of internal control and to make an 
overall assessment of control risk. 


3° Obtaining an Understanding of the Entity 
and Its Environment and the Applicable 
Financial Reporting Framework 


Obtaining an understanding of the entity and its environment is critical, as it establishes a 
frame of reference for planning and performing the audit. The auditor's understanding of the 
entity helps to identify events and conditions that are relevant to the entity and to identify how 
inherent risk factors may affect the susceptibility of the financial statements to misstatement. 
While the extent of this understanding is left to the auditor's professional judgment, it must 

be sufficient to assess the risk of material misstatement, design and perform further audit 
procedures, exercise professional judgment, and maintain professional skepticism. The auditor 
should obtain an understanding of the following factors, and should also consider whether any 
of the factors have changed significantly as compared with the prior period. 


3.1 Nature of the Entity 


The auditor's understanding of the nature of the entity should include obtaining an 
understanding of the organizational structure, ownership and governance, business model, and 
the extent to which the use of IT is integrated into the operations of the entity. Obtaining an 
understanding of the nature of the entity allows the auditor to understand the complexities of 
certain areas of a client's business and to use that understanding to assess the risk of material 
misstatement. 
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PCAOB Standards: Guidance for Issuers 


PCAOB standards state that the auditor should consider performing the following 
procedures to obtain an understanding of the nature of the entity: 


e Read public information about the entity relevant to the evaluation of the 
likelihood of material financial statement misstatement and the effectiveness of 
the entity's internal control over financial reporting; 


e Observe or read transcripts of earnings calls and other publicly available 
meetings with investors and ratings agencies; 


e Obtain an understanding of compensation arrangements with senior 
management, including incentive compensation arrangements, changes or 
adjustments to those arrangements, and special bonuses; 


© Obtain information from SEC filings and other sources about trading activity in 
the entity's securities and holdings of significant shareholders; 


e Inquire of the chair of the compensation committee (or its equivalent), and any 
compensation consultants engaged by either the compensation committee or 
the company, regarding the structuring of the company's compensation for 
executive officers; and 


e Obtain an understanding of the company's established policies and procedures 
regarding the authorization and approval of executive officer expense 
reimbursement. 
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3.2 Objectives, Strategies, and Business Risks 


An entity's objectives are the overall plans for an entity. Its strategies are the means used to 
achieve objectives. Business risks result from events or circumstances that could adversely affect 
the entity's ability to achieve its objectives and execute its strategies. 


Business risks may increase the susceptibility of the financial statements to misstatement when 
management has inappropriate objectives or strategies, fails to recognize the need for change, 
or when incentives or pressures on management result in intentional or unintentional bias. 


A3-8 


Examples of matters that may result in a risk of material misstatement of the financial 
statements include: 


Matter 


Potential Related Business Risk That May Result 
in a Risk of Material Misstatement 


Industry developments 


The entity may not have the personnel or expertise 
to deal with the changes in the industry. In addition, 
industry developments may make a particular 
product obsolete. 


New products and services 


This may result in an increase in product expense 
and related liability. Increases in expense may 
pressure management to fraudulently report those 
accounts at a lower amount. 


Expansion of the business 


The demand may not have been accurately 
estimated, which may result in too much inventory. 


New accounting requirements 


This may result in incomplete or improper 
implementation or a cost increase. 


Regulatory requirements 


Legal exposure may increase. 


Current and prospective financing 
requirements 


Financing may be lost due to the entity's inability to 
meet requirements. 


The effects of implementing a 
strategy, particularly any effects 
that will lead to new accounting 
requirements 


The entity's use of IT 


This may result in incomplete or improper 
implementation. 


The implementation of a new IT system may affect 
both operations and financial reporting. 


Climate-related events 


Incidents may impact an entity's ability to obtain 
financing or attract investors and customers. 


Module 1 
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3.3. Selection and Application of Accounting Policies 


The auditor should understand the entity's selection and application of accounting policies, 
including the reasons for changes. The auditor should evaluate whether the accounting policies 
are appropriate for the entity's business and consistent with the applicable financial reporting 
framework and the industry in which the entity operates. 


The auditor should focus on understanding the significant accounting policies, especially those 
where there is a lack of authoritative guidance or consensus. Additionally, the auditor should 
consider the entity's methods for recognizing and reporting significant or unusual transactions 
and the impact of any financial reporting standards that are new to the entity. 


3.4 Entity's Financial Performance 


Management measures and reviews the entity's financial performance to evaluate 

whether business performance is meeting the desired objectives. The auditor should 

obtain an understanding of this measurement and review, as it may indicate a risk of 
misstatement. For example, in situations in which management receives performance-based 
compensation, unusual growth or profitability may be indicative of management bias in the 
financial statements. 


To obtain an understanding of the entity's performance and the incentives or pressures that 
may exist to commit fraud, the auditor may consider: 


= measures that form the basis for contractual commitments or incentive compensation 
arrangements; 


™ measures used by external parties, such as analysts and rating agencies, to review a 
company's financial performance; and 


= indicators of key performance (both financial and nonfinancial). 


Vex Pass Key 


The auditor's understanding of industry, regulatory, and other factors, as well as the 
entity's nature, objectives strategies, business risks, and financial performance, aid the 
auditor in assessing the entity's inherent risk. 


3.5 Understanding the Group, Its Components, and Their Environment 


When obtaining an understanding of the entity and its environment, the applicable financial 
reporting framework, and the system of internal control in a group audit, the group engagement 
team should do the following: 


m= Enhance its understanding of the group, its components, and their environments, including 
group-wide controls. 


= Obtain an understanding of the consolidation process, including the instructions issued by 
group management to components. 


= Confirm or revise its initial identification of significant components. 
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3.6 Understanding the Impact of Inherent Risk Factors 


Inherent risk factors are characteristics of events or conditions that affect the susceptibility 

of an assertion about a class of transactions, account balance, or disclosure to misstatement, 
whether due to error or fraud, before the consideration of controls. Inherent risk factors may be 
qualitative or quantitative and include factors such as: 


Complexity 
Subjectivity 
Change 

Uncertainty 


Management bias or fraud risk 


Significance 
= Volume or lack of uniformity 


While obtaining an understanding of the entity and the applicable financial reporting framework, 
the auditor should consider the inherent risk factors that may affect the likelihood and 
magnitude of a potential misstatement. 


Va Pass Key 


The inherent risk factors are often closely related. For example, if an accounting estimate is 
subject to assumptions requiring significant judgments, the measurement of the estimate 
is likely to be affected by both subjectivity and uncertainty. Additionally, the greater the 
extent of complexity or subjectivity, the greater the need for the auditor to maintain 
professional skepticism as the inherent risk factors may create opportunity for intentional 
or unintentional management bias. 


3.7. Understanding the IT Environment 


Information technology (IT) encompasses automated means of originating, processing, storing, 
and communicating information. The use of information technology affects the way transactions 
are initiated, recorded, processed, and reported. An entity's use of information technology 
affects both the design and implementation of the system of internal control and the audit 
procedures used to gather evidence. The type of information used as audit evidence may be 

in digital form, which may require the auditor to consider procedures to test the reliability 

of the information. 


WE Pass Key 


Audit objectives are the same in both computerized and manual environments. 
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3.7.1. IT Infrastructure 


An entity's IT environment may consist of multiple layers of supporting IT infrastructure. An 
auditor is concerned with the layers that impact significant business processes and the initiation, 
recording, and reporting of transactions. Examples of the different layers are: 


= Hardware: Includes servers, computers, data centers, and other equipment. 


= Software: Includes financial reporting software, and any enterprise resource planning (ERP) 
systems used by the entity. 


= Network: Includes internet connectivity, firewalls, and security. 
= Operating System: Manages system resources and hardware. 


= Data Storage: May include a traditional infrastructure (data centers and other equipment) 
or a cloud infrastructure. 


To obtain an understanding of the IT environment, the auditor performs risk assessment 
procedures such as touring the entity's facilities and conducting inquiries of entity personnel. 
An auditor must document his or her understanding of the entity's IT environment, including 
the IT applications used to process information as well as the supporting IT infrastructure. 
Documentation of how technology impacts individual transactions is typically included in 

the documentation of the auditor's understanding of the process, associated risks, and 
identified controls. 


3.7.2 Understanding the Risks Arising From the Use of IT 


The auditor obtains an understanding of the entity's use of IT, including IT applications, and the 
risks arising from such use and assesses the general IT controls implemented by the entity to 
address such risks. This understanding may impact: 


= The auditor's decision about whether to test the operating effectiveness of controls to 
address the risk of material misstatement at the assertion level. 


= The auditor's assessment of control risk at the assertion level. 
= The auditor's assessment of inherent risk at the assertion level. 


= The auditor's strategy for testing information produced by, or involving information from, 
the entity's IT applications. 


=m The design of further audit procedures. 


3.8 Relevant External Factors Impacting Entities 


The auditor should understand the condition of the entity's industry, the regulatory environment 
in which the entity operates, the applicable financial reporting framework, the impact of 
technology on the entity's operations, and the general economic conditions that affect the entity. 


3.8.1 Industry Factors 


Relevant industry factors include industry conditions, such as the competitive environment and 
supplier and customer relationships. Examples of matters the auditor may consider include: 


= Cyclical or seasonal activity 
m= Energy supply and cost 


= The market and competition, including demand, capacity, and price competition 


© Becker Professional Education Corporation. All rights reserved. Module 1 A3-11 


Understanding the Entity and Its Environment AUD 3 


3.8.2 Regulatory Factors 


Relevant regulatory factors include the regulatory environment. The regulatory environment 
encompasses, among other matters, the legal and political environment. Examples of matters 
the auditor may consider include the following: 


= Environmental requirements affecting the industry and the entity's business 
=m Laws and regulations 


= Taxation (corporate and other) 


3.8.3 Government Policy Factors 


Government policy relates to the decisions and actions a governmental entity takes, which 
influence politics, business, and the overall economy. Examples of matters the auditor may 
consider include: 


= Government spending 
Government taxation 
Interest rates 


Political stability 


Requirements for licenses and permits 


3.8.4 Financial Reporting Framework Factors 


The applicable financial reporting framework acts as the guidelines for the preparation of the 
financial statements. The framework is typically based on the type of business and where the 
business is located. Factors the auditor may consider include the following: 


= Accounting principles 
= Framework of a regulated industry, including requirements for disclosures 


=  Industry-specific practices 


3.8.5 Technology Factors 


Relevant technological factors include ways that technology directly affects the entity's industry 
and operations. Examples of matters the auditor may consider include the following: 


= Automation 
= Connectivity and accessibility to the entity's information 
m Security 

= Technology relating to the entity's products 

3.8.6 Supply Chain Factors 


The supply chain represents the system of producing and delivering goods and services from 
the raw materials stage to the final delivery to end users and customers. Factors the auditor may 
consider include the following: 


= Bottlenecks due to political risks and government instability 
Compliance with contracts 
Cybersecurity concerns 


Product quality 


Shortages and logistical delays from suppliers 
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3.8.7. Economic Factors 


Relevant factors include elements of the economy overall (macroeconomics) and elements 
related to the economy's impact on individual goods and services provided (microeconomics). 
Examples of matters the auditor may consider include: 


= Supply, demand, and elasticity of the entity's products 

Business cycles and trends in gross domestic product (GDP) growth 
Economic indicators (leading, coincident, lagging) 

Exchange rates and currency revaluation 


Inflation and price levels 


Interest rates and availability of financing 


4 Foundational Concepts: Economic Factors 


In order for an auditor to understand the economic factors impacting an entity, the auditor must 
have a foundational understanding of key microeconomic and macroeconomic concepts. 


4.1 Microeconomic Concepts 


4.1.1 Supply 


The fundamental law of supply states that price and quantity supplied are positively related (i.e., 
they have a positive correlation). The higher the price received for a good or service, the more 
sellers will produce (higher quantity). A change in quantity supplied is a change in the amount 
producers are willing and able to produce resulting solely from a change in price. A change in 
supply is a change in the amount of a good supplied resulting from a change in something other 
than the price. The factors that change supply include: 


= Changes in Price Expectations of the Supplying Firm 

Expectations of price decreases means a firm will supply more now at current price levels. 
= Changes in Production Costs 

When production costs (e.g., materials and labor) decrease, the firm can increase supply. 
= Changes in the Price or Demand for Other Goods 


Decreases in demand for another good offered by the firm will lead to the firm shifting 
resources towards supplying other remaining goods. 


=m Changes in Subsidies or Taxes 
Increases in subsidies and/or decreases in taxes will increase the amount supplied. 
= Changes in Production Technology 


Technology improvements will increase supply. 
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4.1.2 Demand 


The fundamental law of demand states that price and quantity demanded are inversely related 
(i.e., they have a negative correlation). The higher the price charged for a good or service, the 
less buyers will demand (lower quantity). A change in quantity demanded is a change in the 
amount consumers are willing and able to purchase resulting solely from a change in price. 

A change in demand is a change in the amount of a good demand resulting from a change in 
something other than the price. The factors that change demand include: 


= Changes in Income and Wealth 
Increases in income and wealth increase the demand for normal goods. 
= Changes in the Price of Related Goods (Substitutes and Complements) 


e Substitute goods are goods that can be used in place of one another. If the price of a 
similar good increases, the demand will increase for the original good. 


e Complementary goods are goods that are used in tandem. If the price of a 
complementary good decreases, the demand will increase for the original good. 


= Changes in Consumer Tastes or Preferences for a Product 
Demand increases as popularity increases for specific goods/services. 
= Changes in Consumer Expectations 


Expectations of price increases mean a customer will demand more now at current price 
levels. 


= Changes in the Number of Buyers Served by the Market 


An increase in the number of buyers will increase demand. 


4.1.3 Market Equilibrium 


The market's equilibrium price and output (quantity) is the point at which the supply and 
demand curves for a product intersect. The intersection of supply and demand determines the 
equilibrium price. Changes in the supply and/or demand curve will impact the equilibrium price 
and quantity. 


4.1.4 Elasticity 


Elasticity is a measure of how sensitive the demand for, or the supply of, a product is to a change 
in price. 


= Price Elasticity of Demand 


The price elasticity of demand is the percentage change in quantity demanded driven by 

the percentage change in price. In a normal demand curve, an increase in price results in a 
decrease in quantity demanded. A good is deemed price elastic when its quantity demanded 
is highly sensitive to price changes and deemed price inelastic when its quantity demanded 
is not very sensitive to price changes. The more substitutes that exist for a product, the 
greater the elasticity. 


= Price Elasticity of Supply 


The price elasticity of supply is the percentage change in quantity supplied driven by the 
percentage change in price. In a normal supply curve, an increase in price results in an 
increase in quantity supplied. A good is deemed price elastic when its quantity supplied is 
highly sensitive to price changes and deemed price inelastic when its quantity supplied is 
not very sensitive to price changes. Products that can be stored easily are more elastic than 
products which are perishable. 
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= Cross Elasticity 


Cross elasticity of demand (or supply) is the percentage change in the quantity demanded 
(or supplied) of one good caused by the price change of another good. Substitute goods 
will reflect an increase in quantity demanded (supplied) as the price for an alternative 
good increases, while complementary goods will reflect an increase in quantity demanded 
(supplied) as the price for a good used in tandem decreases. 


= Income Elasticity 


The income elasticity of demand measures the percentage change in quantity demanded for 
a product for a given percentage change in income. For normal goods, demand increases as 
income increases. For inferior goods, demand decreases as income increases. 


4.1.5 Profit Maximization 


Profit is equal to total revenue less total cost. Profit maximization occurs when the level of 
production is such that marginal revenue is equal to marginal cost. Marginal revenue is the 
amount of revenue a company earns for each additional unit sold. Marginal cost is the additional 
amount of cost incurred from producing each additional unit. The point at which marginal 
revenue is equal to marginal cost is also the point in which total revenues exceed total costs by 
the largest amount. 


4.2 Macroeconomic Concepts 


4.2.1 Business Cycles 


Although the economy tends to grow over time, the growth in economic activity is not stable. 
Business cycles refer to the rise and fall of economic activity relative to long-term growth trends. 
Business cycles typically comprise the following: 


=  Expansionary Phase 


This phase reflects rising economic activity, rising profits, strong growth, increased demand, 
rising prices, and lower unemployment. 


= Peak 


This is the high point of economic activity, where profits are at their highest levels, firms face 
capacity constraints, and input shortages lead to higher costs and higher price levels. 


= Contractionary Phase 


This phase reflects falling economic activity, slowing (or decreasing growth), falling profits, 
reduced demand, and higher unemployment. 


= Trough 


This is the low point of economic activity, where profits are at their lowest levels, and firms 
have excess capacity and must reduce costs and their workforces. 


= Recovery Phase 


This phase reflects recovering economic activity, rising demand, profit stabilization, and 
increases in employment. 
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Business Cycles 


Output (GDP) 


Contractionary phase 


: in national output 
Expansionary phase 


Peak 


Time (Years) 


4.2.2 Economic Indicators 


Long-term growth trend 


AUD 3 


Economic indicators are statistics that historically have been highly correlated with economic 
activity. These indicators are used by economists and analysts to predict the timing, severity, and 
duration of business cycles. 


= Leading Indicators 


Leading indicators tend to predict economic activity. They change before the economy starts 
to follow a certain trend. 


Leading indicators include: 


A3-16 


Average consumer expectations for business conditions 

Average weekly hours (manufacturing) 

Average weekly unemployment insurance initial claims 

Bond yield curve 

Building permits for new private residences 

Interest rate spreads (10-year treasury bonds versus federal funds rate) 
ISM Index of new orders 

Leading credit index 

Manufacturers' new orders for nondefense capital (non-aircraft) orders 
New manufacturer orders for consumer goods and materials 

S&P 500 stock index 

The Producer Price Index (PPI) 
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= Coincident Indicators 


Coincident indicators change at approximately the same time as the whole economy and 
provide information about the current state of the economy. 


Coincident indicators include: 


Industrial production 
Manufacturing and trade sales 
Industrial production (GDP) 


Personal income less transfer payments 


= Lagging Indicators 


Lagging indicators tend to follow economic activity. They change after a given economic 


trend has already started and are used to confirm or dispute previous forecasts. 


Lagging indicators include: 


Average prime rate charged by banks 

Average duration of unemployment 

Commercial and industrial loans outstanding 

Consumer price index (CPI) for services 

Ratio of consumer installment credit to personal income 
Changes in labor cost per unit of manufacturing output 


Inventories-to-sales ratio 
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NOTES 
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MODULE 


Understanding the 


Control Environment 
and Business Processes 


1 Auditor's Consideration of Internal Control 


1.1. Consideration of the Components of Internal Control 


Although the five components of internal control provide a useful framework for identifying 
and evaluating controls, an auditor should be more concerned with whether and how a specific 
control prevents, detects, and corrects material misstatements than with the classification of 
controls into categories. 


1.1.1. Relevance to the Audit 


=m The system of internal control is relevant to the entire entity or to any of the entity's 
operating units or business functions. 


= The five components of the system of internal control are applicable to the audit of 
every entity. 


= Each of the five components may affect any of the three entity objectives. 


1.1.2 Factors Affecting the Application of the Framework 


The applicability and importance of components of the system of internal control are affected by 
the entity's size, organization, complexity, information processing methodology, and ownership- 
management characteristics. The auditor does not need to understand each component with 
the same degree of detail in every case. 


1.1.3 Acceptable Internal Control Frameworks 


Management may use an internal control framework specified by COSO or another internal 
control framework with components that differ from COSO. Some entities may not use a 
framework when establishing the entity's system of internal control. The auditor may use COSO 
or another framework with different terminology when describing the system of internal control 
as long as all of the components are addressed. 


1.2 Identifying Controls Relevant to Reliable Financial Reporting 


An auditor is required to test the design and implementation of controls that address risks 
of material misstatement at an assertion level when the controls meet one or more of the 
following criteria: 


1. Controls address a significant risk. 
2. Controls are over journal entries or other adjustments. 


3. Controls will be used by the auditor to test the operating effectiveness in order to amend 
the nature, timing, and extent of substantive procedures. 


4. Controls are appropriate, based on the auditor's professional judgment, to assess the risks 
of material misstatement at the assertion level and to design further audit procedures. 


Additionally, the auditor should identify the IT applications subject to risk, the related risks 
arising from the use of IT, and any general IT controls that address such risks. 
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1.2.1. Preventive Controls 


Preventive controls are designed to provide reasonable assurance that only valid transactions 
are recognized, approved, and submitted for processing. Most preventive controls are applied 
before the processing activity occurs. Examples of preventive controls include the hiring of 
competent individuals, personnel training, segregation of duties, and technology-related 
controls such as firewalls, anti-virus software, and security configuration management. 


1.2.2. Detective Controls 


Detective controls are designed to provide reasonable assurance that errors or irregularities 
are discovered and corrected on a timely basis. Detective controls are normally performed after 
processing has been completed. Examples of detective controls include the performance of 
account reconciliations, intrusion detection systems, and the monitoring of system incident logs. 


Vee Pass Key 


It is not necessary for the auditor to assess all of an entity's controls relevant to financial 
reporting. The auditor must use judgment to determine which controls should be assessed 
during the audit. The auditor should focus the assessment of control risk on the entity's 
relevant controls. 


1.3. Effect of Information Technology on Internal Control 


An entity's use of information technology may affect any of the five components of internal control: 


m Management's failure to appropriately address IT risks may negatively impact the 
control environment. 


=m The use of IT may enhance an entity's risk assessment by providing more timely information. 


= Many information and communication systems make extensive use of IT, and the way in which 
IT is used often affects an entity's system of internal control. 


= Much of the information used in monitoring is provided by IT, and therefore, the accuracy of 
the IT system is crucial. 


=m The use of IT may affect the way in which existing control activities are implemented. Also, the 
effectiveness of user controls may depend on the accuracy of information provided to the 
user by IT systems. 


1.3.1 Manual vs. Automated Controls 
Controls in most IT systems include a combination of manual controls and automated controls. 


= Manual Controls: Manual controls are controls performed by people and are more suitable 
when judgment and discretion are required, such as when there are: 


e Large, unusual, or nonrecurring transactions 
e Potential misstatements are difficult to define or predict 
e Changes in circumstances that require changes in controls 


Manual controls are also used to monitor automated controls. Manual controls, however, 
may pose additional risk because they can be more easily ignored or overridden, and they 
are less consistent than automated controls. 
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= Automated Controls: Automated controls are internal controls performed using IT and are 
more suitable for: 


e — High volume or recurring transactions 
e Control activities that can be adequately designed and automated 


Automated controls are embedded within the IT infrastructure as an application or device that 
provides for continuous controls based on established rules within the system. Due to the lack 
of human involvement, automated controls support system integrity by enhancing accuracy, 
timeliness, efficiency, and security. 

1.3.2 General IT and Information Processing Controls 


IT-specific controls include general IT controls and information-processing controls related to 
IT applications. 


= General IT Controls: General IT controls are policies and procedures that relate to many 
applications and support the effective functioning and proper operation of the information 
system and the integrity of information in the entity's information system. General IT 
controls address the risks arising from the use of IT and can be categorized as: 


e Applications: Correlate to the nature and extent of application functionality and 
integration. 


e Database: Address risks arising from the use of IT related to unauthorized updates to 
financial reporting information in the database. 


e Operating System: Address risks related to the use of IT related to administrative 
access, which can facilitate the override of other controls. 


e Network: Address risks arising from the use of IT related to network segmentation, 
remote access, and authentication. 


The auditor first obtains an understanding of the risks arising from the entity's use of IT and 
then identifies the general IT controls put in place to address such risks. Examples of general 
IT controls that may exist include: 


= Controls related to managing access to applications and technology areas 
e Authentication: Validate that a user is using his or her own log-in credentials. 


e Authorization: Ensure users only access necessary information (facilitates segregation 
of duties). 


e Provisioning and Deprovisioning: Authorize new and updated user access privileges 
and the removal of user access. 


e Privileged Access: Administrative user access. 
e User-Access Reviews: Evaluate user access authorizations over time. 
e Security Configuration: System settings of a specific application or IT are to restrict access. 
e Physical Access: Physical access to data center and hardware. 
= Controls related to changes to the IT environment 


e Change-Management Process: Process to design, program, test, and migrate changes 
to a production (end-user) environment. 


e Segregation of Duties Over Change Migration: Segregate access to make and migrate 
changes to a production environment. 


e System Development, Acquisition, or Implementation and Data Conversion: 
Process over IT application development or implementation and data conversion. 
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= Controls related to managing IT operations 


e Job Scheduling and Monitoring: Access to schedules and the initiation of jobs or 
programs related to financial reporting, including oversight of successful execution. 


e Back-up and Recovery: Process to ensure financial reporting data are backed up and 
such back-up data is available in a timely manner in the event of an outage or attack. 


e Intrusion Detection: Monitoring IT environment for vulnerabilities or intrusion. 


=  Information-Processing Controls: Information-processing controls can be automated 
or manual and apply to the processing of information and transactions and can help to 
ensure that transactions occurred, are authorized, and are completely and accurately 
processed and reported. Such controls help to ensure the integrity of the data in an entity's 
information system. Controls over input, processing, and output include: 


e Controls over interfaces, integrations, and e-commerce 

e Checking the mathematical accuracy of records and reports 

e Maintaining and reviewing accounts and trial balances 

e Automated edit checks of input data 

e Manual follow-ups of exception reports 

e Controls over the use of emerging technologies such as blockchain, robotics, or artificial 


intelligence 


1.4 Performing Walk-Throughs to Obtain an Understanding 


The auditor must perform procedures to obtain an understanding of the components of internal 
control to enable an assessment of the risk of material misstatement and determine the audit 
approach. Auditors perform walk-throughs to obtain an understanding of the system of internal 
controls and to eventually test the design and implementation of identified controls. 


Walk-throughs trace the flow of transactions and data relevant to financial reporting through the 
accounting system from inception through recording in the general ledger and presentation in 
the financial statements. 


Walk-throughs assist the auditor in obtaining an understanding of the IT systems that are used 
to process and record financial transactions. This includes capturing and storing information. 


The purpose of a walk-through is to: 


= Confirm the auditor's understanding of key elements of the entity's information processing 
system and internal controls. 


=m Evaluate the design of the relevant controls that address the risk of material misstatement. 
=m Determine whether certain controls have been implemented. 
A walk-through can be performed by: 


=m Selecting a single transaction and tracing it through the entity's information processing 
system from inception to financial reporting. 


= Identifying the key steps in the processing of a class of transactions from inception to 
financial reporting and then performing risk assessment procedures for each step. At each 
step, the auditor should perform procedures for a specific transaction, but not necessarily 
the same transaction at each step. 


A3-22 Module 2 © Becker Professional Education Corporation. All rights reserved. 


AUD 3 Understanding the Control Environment and Business Processes 


Walk-through procedures include inquiry and additional procedures. 


= Inquiry: To perform walk-throughs, the auditor should make inquiries of those who perform 
the information processing and internal control procedures. Inquiries should include: 


e The individual's understanding of the entity's procedures and controls. 
e Whether the processing and controls are performed as required and on a timely basis. 


e — Situations in which the individual and others do not perform the required 
control procedures. 


e The individual's understanding of the processing and controls performed on the 
information before and after the information is handled by the individual. 


= Other Procedures: Inquiry alone is not sufficient. The auditor should corroborate inquiry 
responses by performing additional procedures: 


e Observe individuals performing their information processing and control procedures. 

e  Re-perform the information processing or control procedures. 

e Inspect the relevant documents and accounting records. 

e Corroborate inquiry responses with others knowledgeable about the information 
processing and control procedures. 


1.5 Evaluate the Design and Implementation of Controls 


Once the auditor has obtained an understanding of the system of internal control, the auditor 
must evaluate the design and implementation of identified controls; assess the risks of material 
misstatement; and design the nature, extent, and timing of further audit procedures. 


1.5.1 Evaluate the Design and Implementation of Identified Controls 


= Design: Evaluating the design of a control involves determining whether it is capable, 
individually or in combination with other controls, of preventing or detecting and correcting 
material misstatements. 


= Implementation: A control has been implemented if it exists and is being used. The auditor 
frequently obtains evidence on implementation of a control during a walk-through, which is 
discussed below. To determine whether controls have been implemented, the auditor must 
obtain evidence about whether the individuals responsible for performing the controls have: 


e an awareness of the existence of the procedure and their responsibility for its 
performance; and 


e aworking knowledge of how the procedures should be performed. 


= Procedures: Procedures used to obtain evidence about the design and implementation of 
controls include: 


e Inquiry of entity personnel (inquiry alone is not sufficient) 
e Observation of the application of controls 
e Inspection of documents and reports 


e Reperforming specific controls 
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1.5.2 Assess the Risks of Material Misstatement 


An understanding of the design and implementation of an entity's identified controls is required 
to complete the assessment of the risks of material misstatement, even when the audit strategy 
contemplates performing only substantive procedures with no planned reliance on the entity's 
internal controls. 


The auditor's understanding of the entity's system of internal control allows the auditor to make 
a preliminary assessment of the entity's control risk. 
1.5.3 Design the Nature, Extent, and Timing of Further Audit Procedures 


The nature, timing, and extent of procedures needed to obtain an understanding of the system 
of internal control depend on the size and complexity of the company, the auditor's existing 
knowledge of the company's internal control over financial reporting, the nature of the controls, 
the company's use of IT, the nature and extent of changes in systems and operations, and the 
nature of the company's internal control documentation. 


1.6 Document the Understanding of Internal Control 


The auditor must document the understanding of the design and implementation of the entity's 
identified controls. This documentation should include key elements of understanding each of 
the control components as well as the sources of information from which the understanding 
was obtained. 


The auditor's documentation should focus on the evaluation of the design and implementation 
of controls that address the risk of material misstatement at the assertion level. Such controls 
include those related to: 


= significant risks; 

= journal entries; 

= controls that the auditor plans to rely on when determining further audit procedures; and 
= IT general controls that address IT-related risks. 


The auditor's understanding of the system of internal control should be within the context of the 
auditor's understanding of the entity's processes. Therefore, the auditor will typically document 
the identified controls along with the understanding of the process. When documenting 

the relevant controls, the auditor includes a description of how the controls impact the 
completeness, accuracy, and reliability of data that ultimately may be presented as part of the 
financial information. 


L Pass Key 


Documentation may include any item the auditor can FIND: 
e Flowchart 

e Internal Control Questionnaire or Checklists 

e Narrative 


e Documentation from the client, including copies of the entity's procedures manuals 
and organizational charts. 
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1.6.1 Flowcharts 


A flowchart is a symbolic diagram representing the sequential flow of authority, processes, and 
documents. It can be an essential aid in understanding and evaluating internal control. 


Flowcharting is of use to the auditor in two ways. First, flowcharts of systems are prepared 
in order to evaluate internal control. Second, IT flowcharts, used as documentation tools in 
programming, are useful to the auditor in evaluating the internal control in an automated 
accounting environment because they show the flow of data through the process. 


= System Flowcharts: An adequate flowchart shows the origin of each document in the 
system, its subsequent processing, and its final disposition. Flowcharts are useful to the 
auditor in evaluating internal control because they document the steps in a process and the 
practices in use. The use of standard symbols makes flowcharts easy to understand. Sample 
flowcharts for the major transaction cycles appear in A4. 


= Program Flowcharts: IT flowcharts are initially created to document the logic and existing 
flow of a computer program. The auditor can use these flowcharts to evaluate both the flow 
of the program and the internal controls related to the IT function in general. 


= Flowchart Organization 
Flowcharts should: 
e — Show the general flow of documents and data. 
e Start at the top of the page and move from top to bottom and from left to right. 
e Use descriptive wording familiar to the reader. 
e Avoid intersecting flow lines by using off-page/on-page connectors. 


= Flowcharting Symbols: The symbols shown below and used in the flowcharts in A4 
represent the most commonly used symbols. 


Document or 
Report Manual Data 
Process (e.g., journals, 
ledgers, etc.) 
Computer 
Process <Secod> No 
Yes 
—— 


Key Entry 


On-page connector 


Off-page connector 


Off-line (paper) file; filed by: 


Data flow arrows 


Communication link 


© Becker Professional Education Corporation. All rights reserved. Module 2 A3-25 


Understanding the Control Environment and Business Processes AUD 3 


1.6.2 Internal Control Questionnaires 


An internal control questionnaire generally consists of a list of questions to be answered by "yes" 
or "no" responses. A negative response is designed to draw attention to a possible weakness in 
internal control. Written explanations are required for "no" answers. The questionnaire format 
can also be open-ended, requiring explanation by the employee being interviewed. 


The questions address internal controls over an element, account, or process. Specifically, 
questions should address each of the relevant control procedures. 


1.6.3 Narratives 


A narrative is a written version of a flowchart. It is a description of the auditor's understanding 
of the system of internal control. A narrative is prepared by following a sequence of events for 
a transaction. Note that flowcharts are more appropriate for documenting complex control 
structures, and written narratives are more appropriate for less complex structures. 


Customer purchase orders are received, and a sales order is prepared in duplicate. New 
customers' orders are approved for credit, and any orders received from old customers are 
automatically granted credit. The finished goods department fills the order and sends the 
sales order to the shipping department, where a bill of lading is prepared. A copy of the bill 
of lading is then sent to the billing department, where a sales invoice is prepared. A copy of 
the sales invoice is sent to the accounts receivable department for posting to the accounts 
receivable ledger. 


1.6.4 Documentation From the Client 


An entity's procedures manuals may include documentation of the entity's accounting system 
and related controls. The entity's organizational chart outlines designated lines of authority and 
responsibility. Both documents can assist the auditor in understanding the entity's system of 
internal control. 

1.7. Consider the Limitations of Internal Control 


A strong system of internal control provides only reasonable (not absolute) assurance regarding 
the achievement of objectives due to the following inherent limitations of internal control: 


1. Management override of internal control. 


2. Human error, which may include errors in the design or use of automated controls, or faulty 
or biased judgment used in decision making. 


3. Deliberate circumvention of controls by collusion of two or more people. 
4. External events beyond the control of the entity. 
5. Issues relating to the suitability of the entity's objectives. 


The auditor identifies the risks of management override of internal control in the documentation 
of the auditor's understanding of the relevant processes. The documentation also includes the 
auditor's assessment of the potential impact the risk of management override has on the risk of 
material misstatement. 
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Identifying, Assessing, 
and Responding to Risk 


1 Identifying and Assessing the Risks 
of Material Misstatement 


The auditor uses the understanding of the entity and its environment, the applicable financial 
reporting framework, and the entity's system of internal control to identify and assess the 
risks of material misstatement at the financial statement and assertion level and to identify the 
relevant assertions and the related significant classes of transactions, account balances, and 
disclosures. 


1.1 Financial Statement Level Risks 


Financial statement level risks are risks that relate pervasively to the financial statements as a 
whole and potentially impact many individual assertions. The risk of material misstatement at 
the financial statement level may be especially relevant to the auditor's consideration of the 
risk of material misstatement due to fraud. Financial statement level risks include weaknesses 
related to: 


= The process used to prepare the financial statements, including the development of 
significant accounting estimates and the preparation of disclosures. 


=m The overall system of internal control. 
= Lack of qualified personnel in financial reporting roles. 


=m The selection and application of significant accounting policies. 


1.2. Assertion Level Risks 


Assertion level risks are risks of material misstatement that do not relate pervasively to the 
financial statements but rather relate to specific transactions, account balances, or disclosures. 
The auditor should determine the relevant assertions and the related significant classes of 
transactions, account balances, and disclosures in order to determine the nature, timing, and 
extent of further audit procedures. 


For identified risks of material misstatement at the assertion level, the auditor should assess 
both inherent risk and control risk. 


=m The inherent risk assessment should consider the impact of: 
e the likelihood and magnitude of misstatement; 
e inherent risk factors; and 
e — financial statement level risks. 


= The auditor should use professional judgment to determine where on the spectrum of 
inherent risk the identified risk is assessed. 


The assessment of control risk is based upon the auditor's understanding of the controls in 
place and the auditor's plans to test the operating effectiveness of such controls. 


© Becker Professional Education Corporation. All rights reserved. Module 3 A3-27 


Identifying, Assessing, and Responding to Risk AUD 3 


1.3 Identifying Significant Risks 


Significant risks are identified risks of material misstatement where the inherent risk assessment 
is close to the upper end of the spectrum of inherent risk. The auditor uses professional 
judgment to determine whether a given risk of material misstatement is a significant risk. 
Determining significant risks allows the auditor to focus on the risks that are close to the upper 
end of the spectrum and to plan an appropriate response. 


L Pass Key 


The determination of whether a risk is a significant risk should ignore the effects of 
controls related to the risk and should be based entirely on inherent risk. A significant risk 
exists when inherent risk is higher on the spectrum of inherent risk. 


Factors that may be indicative of significant risks include: 

Risk of fraud 

Significant emerging economic, accounting, or other developments 

Related parties and related party transactions that are also significant and unusual 
Improper revenue recognition due to multiple, hard-to-value, performance obligations 
Nonroutine, unusual, or complex transactions 


Accounting estimates or other subjective measurements of financial information with a high 
degree of estimation uncertainty 


= Accounting principles that are subject to different interpretations 


1.4 Assessing Specific Risks 


For each identified risk, the auditor should consider: 
= What could go wrong at the relevant assertion level. 


m= The significance and likelihood of potential material misstatements (spectrum of 
inherent risk). 


m= Whether tests of controls are required because substantive tests alone are insufficient to 
provide sufficient, appropriate audit evidence. 


m Whether the risk relates to a specific assertion or whether it has a more pervasive effect on 
the financial statements. 
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PCAOB Standards: Guidance for Issuers 


PCAOB standards state that the auditor should identify significant accounts and 
disclosures and their relevant assertions when assessing the risk of material 
misstatement. The determination of significant accounts and disclosures and 
their relevant assertions is made based on inherent risk, without regard for the 
effect of controls. The auditor should evaluate both qualitative and quantitative 
risk factors. When a company has multiple locations and business units, the 
auditor should identify significant accounts and disclosures and their relevant 
assertions based on the consolidated financial statements. Significant accounts 
and disclosures and their relevant assertions are the same in the audit of internal 
control over financial reporting and the audit of the financial statements. 


1.5 Required Documentation 


The auditor should document: 


= The discussion among the audit team regarding the application of the applicable financial 
reporting framework and the susceptibility of the financial statements to material 
misstatement, including how and when it occurred, the participants, the subject matter 
discussed, and significant decisions reached. 


=m Key elements of the understanding of the entity and its environment and the applicable 
financial reporting framework (including each of the components of the system of internal 
control), the sources of information used to develop the understanding, and the risk 
assessment procedures performed. 


=m The evaluation of the design of identified controls and the determination whether such 
controls have been implemented. 


= The identified and assessed risks of material misstatement (at both the financial statement 
and assertion levels), including significant risks and risks for which substantive procedures 
alone are insufficient, and the rationale for significant judgments made. 


A more complex entity/environment results in more extensive audit procedures, which in turn 
should result in more extensive audit documentation. 
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PCAOB Standards: Guidance for Issuers 


PCAOB standards require that in an audit of the financial statements of a 
company with operations in multiple locations or business units, the auditor 
should determine the extent to which audit procedures should be performed at 
selected locations or business units. The amount of audit attention devoted to a 
location or business unit should be correlated with the assessment of the risk of 
material misstatement associated with that location or business unit. 


Factors that are relevant to the assessment of the risks of material misstatement 
associated with a particular location or business unit and the determination of the 
necessary audit procedures include: 


e the nature and amount of assets, liabilities, and transactions executed at the 
location or business unit, including any significant transactions that are outside 
the normal course of business for the company or that otherwise appear to be 
unusual due to their timing, size, or nature ("significant unusual transactions"); 


e the materiality of the location or business unit; 


e the specific risks associated with the location or business unit that present a 
reasonable possibility of material misstatement to the company's consolidated 
financial statements; 


e whether the risks of material misstatement associated with the location 
or business unit apply to other locations or business units such that, in 
combination, they present a reasonable possibility of material misstatement to 
the company's consolidated financial statements; 


e the degree of centralization of records or information processing; 


e the effectiveness of the control environment, particularly with respect to 
management's control over the exercise of authority delegated to others and its 
ability to effectively supervise activities at the location or business unit; and 


e the frequency, timing, and scope of monitoring activities by the company, or 
others at the location or business unit. 
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2 Responding to the Assessed Risks 
of Material Misstatement 


In order to reduce audit risk to an acceptably low level, the auditor should develop the following 
responses to the assessed risks of material misstatement: 


1. An overall response to address financial statement level risks. 


2. Aresponse at the relevant assertion level, whereby the nature, extent, and timing of audit 
procedures are designed to address identified risks related to specific assertions. 


3. Aresponse to significant risks. 


2.1 Overall Response to Financial Statement Level Risk 


In response to risk assessed at the financial statement level, the auditor may: 
= Communicate to the audit team an increased need for maintaining professional skepticism. 
= Assign staff with more experience or specialized skills. 


= Change the nature, timing, and extent of direction and supervision of the engagement team 
members and the review of the work performed. 


= Incorporate a greater level of unpredictability into the audit. 


m Make changes to the overall audit strategy, such as amending performance materiality; 
plans to test the operating effectiveness of controls; or the nature, extent, or timing of tests 
(such as shifting substantive procedures closer to period end). 


PCAOB Standards: Guidance for Issuers 


PCAOB standards state that the overall response to financial statement level 
risk should include an evaluation of the company's selection and application of 
significant accounting principles. 


2.2 Response to Risks at the Relevant Assertion Level 


The auditor should design audit procedures that address the risks of material misstatement 

for each relevant assertion of each significant class of transaction, account balance, and 
disclosure. When planning further audit procedures, the auditor should take into consideration 
the characteristics of the class of transaction, account balance, or disclosure that impacted the 
inherent risk assessment along with the impact of the control risk assessment to determine 
whether the auditor is required to test the operating effectiveness of relevant controls. The 
linkage should be clear between the assessed level of risk at the relevant assertion level and 

the nature, extent, and timing of further audit procedures, including tests of controls and 
substantive procedures. The auditor should maintain professional skepticism, including ensuring 
that auditor bias does not impact the consideration of potentially contradictory audit evidence. 
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L Pass Key 


Three elements of further audit procedures can be varied by the auditor. An easy way to 
remember these elements is: We cast our "NET" over the audit. 


= Nature: The nature of an audit procedure includes both its purpose (test of control 
vs. substantive procedure) and its type (inspection, observation, inquiry, confirmation, 
recalculation, reperformance, or analytical procedure). 


e The higher the assessed risks of material misstatement, the more persuasive audit 
evidence must be. The auditor varies the nature of audit procedures in order to achieve 
the desired level of reliability. 


e — If the auditor uses information provided by the entity's information system, the 
accuracy and completeness of that system must be tested. 


e — Inresponding to assessed risks, the nature of selected audit procedures is of primary 
importance. 


=m Extent: The extent of an audit procedure refers to the quantity to be performed, such as the 
number of observations to be made or the sample size to be used. 


e The higher the assessed risks of material misstatement, the greater the extent of audit 
procedures should be. 


e The auditor should also consider the tolerable misstatement and the degree of 
assurance the auditor plans to obtain. 


= Timing: Audit tests may be performed at an interim date or at period end. 


e The higher the assessed risks of material misstatement, the closer to period-end 
substantive procedures should be performed. 


e Performing audit procedures before period end allows earlier identification of 
significant matters; however, additional evidence is necessary for the remaining period. 


e In considering the timing of audit tests, the auditor should consider when relevant 
information is available. Some procedures occur only at certain times and electronic 
data may not be retained indefinitely. 


In designing further audit procedures that are responsive to the assessed risks, the auditor 
should consider: 


m= the likelihood and magnitude of the risk of misstatement; 
m= the characteristics of the transaction, balance, or disclosure; 


= whether the risk assessment takes account of controls that address the risk of material 
misstatement; and 


= whether the auditor expects to test the operating effectiveness of the controls. 
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2.2.1 Audit Approach 


The auditor's specific approach to identified risks of material misstatement at the relevant 
assertion level may consist of either a substantive approach only or a combined approach. 


= Substantive Approach 


For certain relevant assertions and risks, the auditor may exclude the effect of controls from 
the assessment of the risk of material misstatement. In these circumstances, only substantive 
procedures will be performed. This occurs when control risk is assessed at maximum because 
the auditor has not identified a risk for which substantive procedures alone cannot provide 
sufficient appropriate audit evidence and, therefore, the auditor may not intend to test the 
operating effectiveness of controls in determining the audit procedures. 


= Combined Approach 


A combined approach uses both tests of the operating effectiveness of controls and substantive 
procedures. Typically, if controls are operating effectively, less assurance will be required from 
substantive procedures. 


= Tests of Controls May Be Required 


In situations in which a significant amount of information is initiated, authorized, recorded, 
processed, or reported electronically, substantive procedures alone may not be sufficient. 
Tests of controls are generally required when: 


e  Anentity conducts its business using information technology (IT) and no documentation 
of transactions is produced or maintained, other than through the IT system. 


e Audit assertions are related to routine day-to-day business transactions that permit 
highly automated processing with little or no manual intervention. 


e Audit evidence is obtained in electronic form. The sufficiency and appropriateness of 
such evidence is dependent on the effectiveness of controls over the accuracy and 
completeness of the information. 


= Dual-Purpose Tests 


A dual-purpose test is a test of controls that is performed concurrently with a test of details 
on the same transaction. The purpose of a test of controls is to evaluate the operating 
effectiveness of a control, whereas the purpose of a test of details is to support relevant 
assertions or to detect material misstatements. A dual-purpose test should be designed to 
accomplish both objectives. 


ve Pass Key 


Status of Control Risk Perform 
Internal Control Assessment Control Tests Perform Substantive Procedures 
None or Weak High No (unless heavy Yes: Maximum 
| use of IT) 
Some Medium Yes 


Minimal (but never eliminate for 
Strong Low Yes significant balances, transaction 
classes, or disclosures) 
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2.3. Response to Significant Risks 


For all significant risks, the auditor should: 


= Evaluate the design of the entity's related controls and determine whether the controls have 
been implemented. 


= If relying on the operating effectiveness of internal controls intended to mitigate significant 
risk, tests of controls must be performed in the current period. The auditor cannot rely on 
tests of controls performed in prior periods. 


=m Perform substantive procedures that are clearly linked and responsive to the risk. For areas 
of significant risk, substantive procedures can consist of: 


e tests of details only; or 

° acombination of tests of details and substantive analytical procedures. 
=m Obtain more persuasive evidence the higher the auditor's assessment of risk. 
= Communicate significant risks to those charged with governance. 


= Consider the significant risks in determining key audit matters, when applicable to the 
engagement. 


=m Ensure more involvement by the group engagement partner when the significant risk 
relates to a component in a group audit. 


3 Responding to RMM: Tests of Controls 


3.1 When to Perform Tests of Controls 


In making risk assessments, the auditor should identify those controls that are likely to 
prevent or detect and correct material misstatements in specific relevant assertions. 
Obtaining an understanding of a control is not sufficient to determine whether the control 
is operating effectively. 


Tests of controls are performed when: 


1. the auditor's risk assessment is based on the assumption that controls are operating 
effectively; or 


2. when substantive procedures alone are insufficient (i.e., when the entity makes extensive 
use of information technology). 


Only those controls that are suitably designed to prevent or detect material misstatements are 
subject to tests of operating effectiveness. 


3.2 Operating Effectiveness of Controls 


Some risk assessment procedures performed to obtain an understanding of internal control may 
provide evidence about operating effectiveness, even if they were not intended for that purpose. 


For example, as long as there are adequate controls surrounding computer security and 
program changes, the consistent nature of IT processing may allow procedures performed to 
determine whether an automated control has been implemented to also serve as a test of that 
control's operating effectiveness. 


If it is efficient to do so, the auditor may choose to test the operating effectiveness of controls 
concurrently with obtaining an understanding of the system of internal control. 
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Ves Pass Key 


In a financial statement audit, the auditor is required to obtain an understanding of the 
design and implementation of controls that address the risk of material misstatement 

as part of understanding the entity and its environment. The auditor is not required to 
evaluate operating effectiveness as part of obtaining an understanding of the design and 
implementation of controls. 


3.3. Tests of Design and Operating Effectiveness 


When performing tests of controls, the auditor must obtain evidence that the controls 
selected for testing were both designed effectively and operated effectively during the period 
of reliance. Testing the design and operating effectiveness of controls includes obtaining 
evidence regarding: 


1. Whether the controls were applied at relevant times. 

2. How controls were applied. 

3. The consistency with which controls were applied. 

4. By whom or by what means controls were applied. 

Auditor judgment is used to determine the nature, extent, and timing (NET) of tests of controls. 


3.3.1 Nature of Tests of Controls 


Tests of the operating effectiveness of controls, presented in the order of the evidence that 
they would ordinarily produce, from least to most, include the following: inquiries, observation, 
inspection, and reperformance. The auditor should use a combination of procedures to obtain 
sufficient evidence of operating effectiveness. 


= Inquiry alone is not sufficient. 


= Observation generally is pertinent only at the time the observation is made, so observation 
should be supplemented with other procedures, such as inquiry, inspection, and 
reperformance. 


For some controls, operating effectiveness may be evidenced by documentation; for other 
controls (such as the assignment of responsibility or segregation of duties), documentation 
may not be available or relevant. To test such controls, the auditor would likely rely on inquiry 
and observation. 


Pass Key 


Procedures to test design effectiveness include a mix of inquiry, observation, and 
inspection. Walk-throughs that include these procedures are sufficient to test design 
effectiveness. 


Procedures the auditor performs to test operating effectiveness include a mix of inquiry 
of appropriate personnel, observation of the company's operations, inspection of relevant 
documentation, and reperformance of the control. 
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3.3.2 Extent of Tests of Controls 


The more extensively a control is tested, the greater the evidence obtained from that test. 
The auditor should consider the following factors in determining the appropriate extent of 
testing controls: 


= The frequency of the performance of the control during the period. 

The length of time during which the auditor wishes to rely on the control. 

The relevance and reliability of the evidence to be obtained. 

The extent to which other tests provide audit evidence about the same assertion. 


The extent to which the auditor wishes to rely on the operating effectiveness of the control 
to reduce substantive procedures. 


m= The expected deviation rate from the control. 
= Additional considerations: 


e If acontrol is applied on a transaction basis throughout the period, the auditor should 
use sampling to test the control. 


e IT processing is inherently consistent, so it is possible to test only a few instances of 
the operation of an automated control. Once the auditor has determined that an 
automated control is functioning as expected, the auditor should determine that it 
continues to function effectively. 


e It may be necessary to obtain evidence about the effective operation of indirect controls 
(e.g., general IT controls) that support the operation of other controls. 


3.3.3 Timing of Tests of Controls 
Testing at a Particular Time vs. Testing Throughout a Period 


e When tests of controls are performed at one particular time, they provide evidence that 
controls operated effectively only at that time. Controls tested throughout the period 
provide evidence of operating effectiveness during that period. 


e The auditor may choose to test the operating effectiveness of a control only at one 
particular time, but then supplement this test with other tests that provide evidence 
for the remainder of the period. For example, tests relating to the modification and 
use of computer programs may provide evidence that a control operated consistently 
throughout the period. 


e Tests related to period-end controls, such as tests of controls over the counting of 
physical inventory at period end, may be performed at only one time, if the auditor only 
intends to rely on the control at that one time. 


e Controls that are tested only during an interim period should be supplemented by 
additional evidence for the remaining period. 


= Evidence Obtained in Prior Audits 


Evidence obtained in a prior audit about the operating effectiveness of controls may be 
used in the current audit, as long as the auditor obtains evidence about whether changes in 
those controls have occurred. 


e — If controls have changed since they were last tested, operating effectiveness must be 
retested in the current period. 
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Even if controls have not changed, operating effectiveness must be tested at least once 
every third year. 


— Care should be taken to avoid the possibility that all controls are tested in the same 
period, with no controls tested in the intervening two periods. 


The auditor may also choose, based on the circumstances, to retest operating 
effectiveness more often than once every third year. 


— Generally, the higher the assessed risk, or the greater the intended reliance on 
controls, the more frequently the auditor will choose to test operating effectiveness. 


—A weak control environment or a significant manual component to identified controls 
may also result in more frequent testing, or in choosing not to rely on prior period 
evidence at all. 


The auditor may not rely on audit evidence obtained in prior audits for controls that 
mitigate a significant risk. 


3.4 Results of Tests of Controls 


After performing tests of controls, the auditor may conclude that audit evidence indicates that 
controls are either: 


1. Operating effectively and can be relied upon. The auditor then proceeds to substantive 
procedures based on the assessed risks of material misstatement. 


2. Not operating effectively, in which case the auditor can: 


test alternative controls; or 


reassess control risk (i.e. reassess from low to high), thereby resulting in the need for 
more reliable and extensive substantive procedures. 


Control deficiencies may be noted in the design of controls or in the operation of the effectively 
designed control. Examples include the following: 


= Deficiencies in the design of controls: 


Inadequate documentation and design of internal control over the preparation of 
financial statements or over a significant account or process. 


Lack of appropriate controls over segregation of duties or safeguarding of assets. 
Inadequate design of IT controls. 
Lack of appropriate qualifications or training of client personnel. 


Inadequate design of monitoring controls or the absence of an appropriate process to 
report control deficiencies. 


= Failure in effectively designed controls: 


Failure of control over a significant account or process (e.g., failure to obtain 
appropriate authorization, perform reconciliations, or safeguard assets). 


Undue bias or lack of objectivity. 

Misrepresentation by client personnel to the auditor (indicator of fraud). 
Management override of controls. 

An observed deviation rate that exceeds the auditor's expected rate. 


Failure of the information and communication component of internal control to provide 
complete, accurate, and timely information. 
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If these deficiencies are noted, further testing is required and may take the form of additional 
control testing or more extensive substantive procedures. 


When control deficiencies are noted, the auditor should: 

= Consider compensating controls. 

= Decide whether there is a significant deficiency or material weakness. 

=m Consider the magnitude and possibility of potential misstatements that could occur. 
ie 


Design substantive tests related to the deficiency to provide evidence that the financial 
statements are free from material misstatement regarding that audit objective and area. 


4 Responding to RMM: Substantive Procedures 


4.1 Overview 


= Substantive procedures are used to detect material misstatements at the relevant 
assertion level. 


=m The nature, extent, and timing (NET) of substantive procedures should be responsive to the 
assessed risks of material misstatement, including the results of tests of controls and the 
planned level of detection risk. 


= Regardless of the assessed level of control risk, substantive procedures are required for 
each relevant assertion of each significant transaction class, account balance, or disclosure. 


= The fact that a substantive procedure does not identify any material misstatements does 
not necessarily imply that the related control is operating effectively. 


=m Substantive procedures should include: 


e Agreement of the financial statements, including disclosures, to the underlying 
accounting records. 


e Examination of material journal entries or adjustments made while preparing the 
financial statements. 


e Evaluation of the overall presentation of the financial statements, including disclosures, 
in accordance with the applicable financial reporting framework to ensure the 
appropriate classification, presentation, structure, and content. 


4.2 Nature of Substantive Procedures 


4.2.1 Types of Substantive Procedures 
There are two types of substantive procedures: 
1. Tests of details applied to transaction classes, account balances, and disclosures. 


Tests of details consist of audit procedures used to gather evidence to support the account 
balances as reflected in the financial statements. Tests of details are performed on ending 
balances, the details of transactions, or a combination of the two. 


2. Substantive analytical procedures. 


Analytical procedures are evaluations of financial information made by a study of plausible 
relationships among both financial and nonfinancial data, and they generally involve 
comparisons of recorded amounts to independent expectations developed by the auditor. 
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4.2.2 Selection of Substantive Procedures 


The auditor may use only substantive analytical procedures, only tests of details, or a 
combination of both. 


= Substantive analytical procedures are often used when there is a large volume of 
predictable transactions. 


= Tests of details are generally more appropriate when obtaining evidence regarding the 
existence and valuation of account balances. 


= If tests of controls indicate that controls are operating effectively, then substantive analytical 
procedures may be sufficient to reduce detection risk to an acceptably low level. 


= Iftests of controls indicate that controls are not operating effectively or tests of controls 
were not performed, then the auditor may perform tests of details only. 


4.3 Extent of Substantive Procedures 


=m The more extensively a substantive procedure is performed, the greater the evidence 
obtained from the procedure. The extent of substantive procedures is affected by: 


e The overall risks of material misstatement: The greater these risks, the less detection 
risk that can be accepted, and the greater the extent of substantive procedures. 


e Control risk: If controls are operating effectively, the extent of substantive procedures 
may be reduced. 


= In designing tests of details, the extent of substantive procedures generally refers to 
sample size. 


4.4 Timing of Substantive Procedures 


Substantive procedures can be performed during an interim period, at period end, or after 
period end. 


= If substantive procedures are performed at an interim date, the auditor should perform 
further substantive procedures, or substantive procedures combined with tests of controls, 
to provide a reasonable basis for extending audit conclusions to period end. 


= Performing substantive procedures at an interim date increases the risk that the auditor 
will not detect material misstatements in the financial statements. The longer the period 
between the interim date and period end, the greater the risk. 


= Incertain situations, such as those in which there is an identified fraud risk or high risk of material 
misstatement, the auditor may choose to perform substantive procedures at or near period end. 


= If substantive analytical procedures are to be used to extend audit conclusions from interim 
testing to period end, the auditor should consider whether: 


e  Period-end balances are reasonably predictable with respect to amount, relative 
significance, and composition. 


e The entity's accounting procedures are appropriate. 


e The entity's information system will provide sufficient information to allow investigation 
of unusual or unexpected transactions or balances. 


= If misstatements are discovered at an interim date, the auditor should modify the related 
risk assessment and the procedures to be performed for the remaining period, or should 
consider repeating audit procedures at period end. 


= Evidence obtained from substantive tests performed in a prior audit generally is not 
sufficient for the current period. 
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Specific Areas of Engagement 
Risk and Consideration 


1 Overview 


This module expands on the auditor's responsibility and appropriate response for the following 
specific areas of engagement risk and areas that require specific considerations with respect to 
obtaining sufficient appropriate audit evidence. 


= Anentity's compliance with laws and regulations, including possible legal acts 
Accounting estimates (including fair value estimates) 

Related parties and related party transactions 

Litigation, claims, and assessments 


An entity's ability to continue as a going concern 
2 Compliance With Laws and Regulations 


The effects of laws and regulations on financial statements vary considerably. Some laws and 
regulations have a direct effect on the financial statements because they determine the amounts 
reported and the disclosures in the financial statements. Other laws and regulations do not have 
a direct effect on the financial statements. 


2.1 Noncompliance 


Noncompliance is an act of omission or commission by an entity, whether intentional 

or unintentional, which is contrary to prevailing laws and regulations. Such acts may be 
committed by, or in the name of, the entity or on its behalf by those charged with governance, 
management, or employees. Noncompliance does not include personal misconduct unrelated to 
the business activities of the entity. 


Noncompliance with laws and regulations can result in fines, litigation, or other consequences to 
the entity that may have a material effect on the financial statements. 
2.2 Responsibility for Compliance 


2.2.1 Management's Responsibility 


Management and those charged with governance are responsible for ensuring that the entity's 
operations are conducted in accordance with applicable laws and regulations, including laws and 
regulations that determine the reported amounts and disclosures in the financial statements. 


2.2.2 Auditor's Responsibility 


The auditor is responsible for obtaining reasonable assurance that the financial statements 
are free of material misstatement due to noncompliance with laws and regulations. However, 
the auditor is not responsible for preventing noncompliance and cannot be expected to detect 
noncompliance with all laws and regulations. The further removed that noncompliance is from 
the financial statements, the less likely that the auditor is to recognize the noncompliance. 
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2.2.3. Inherent Limitations 


The potential effects of inherent limitations on an auditor's ability to detect material 
misstatements are greater for material misstatements due to laws and regulations because: 


= Many laws and regulations relating to an entity's operations do not affect the financial 
statements and are not captured by information systems relevant to financial reporting. 


= Noncompliance may be concealed by collusion, forgery, deliberate failure to record 
transactions, management override of controls, or intentional misrepresentations to 
the auditor. 


=m Whether an act constitutes noncompliance is a matter for legal determination. 
2.3. Auditor Procedures Related to Noncompliance 


2.3.1 The Auditor's Consideration of Noncompliance 


When obtaining an understanding of the entity and its environment, the auditor should obtain 
an understanding of: 


= the legal and regulatory framework applicable to the entity and the industry or sector in 
which it operates; and 


= how the entity is complying with that framework. 


The auditor should obtain sufficient appropriate audit evidence regarding material amounts 
and disclosures in the financial statements that are determined by the provisions of laws and 
regulations that have a direct effect on the financial statements. 


For the provisions of laws and regulations that have an indirect effect on the financial statements 
but have a fundamental effect on the entity's operations, the auditor should perform the 
following procedures to identify instances of noncompliance that may have a material effect on 
the financial statements: 


= Inquire of management and those charged with governance about whether the entity is in 
compliance with such laws and regulations. 


m= Inspect correspondence with relevant licensing and regulatory authorities. 


The auditor should consider the evidence gathered in other audit procedures that may reveal 
instances of noncompliance or suspected noncompliance. 


2.3.2 Procedures When Noncompliance Is Identified or Suspected 


If the auditor suspects that noncompliance may exist, the auditor should discuss the matter 
with management at least one level above those suspected of noncompliance and, when 
appropriate, those charged with governance. If management or those charged with governance 
cannot provide sufficient information that shows the entity is in compliance with laws and 
regulations and the effects of the noncompliance may be material, the auditor may consider 

it necessary to consult with the entity's in-house or external legal counsel or with the auditor's 
own legal counsel. The auditor should also consider the impact on the auditor's risk assessment, 
audit opinion, and the reliability of written management representations. 


In certain circumstances, the auditor may also withdraw from the engagement, if withdrawal is 
possible under applicable law or regulation. In making the determination of whether withdrawal 
is necessary, the auditor should consider all relevant factors, including the appropriateness 

of management's response; the legal or regulatory framework; and the nature, urgency, and 
pervasiveness of the noncompliance. 
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James is auditing Healthy Healthcare, which is an entity that provides health care for children. 
Healthy Healthcare must follow the Health Insurance Portability and Accountability Act 
(HIPAA), which includes requirements for protecting the privacy of patient information. 


Maintaining the privacy of patient information (i.e., age and health background of patients) 
does not directly affect the recording and disclosure of the financial statements. However, 
unauthorized disclosure of this confidential information can result in a need to disclose a 
contingent liability because of the allegation of suspected noncompliance with HIPAA. 


Therefore, James should inquire of management and those charged with governance 
about the entity's compliance with HIPAA and he may inspect any correspondence with the 
regulatory agency. 


2.4 Reporting Noncompliance 


2.4.1 Reporting to Those Charged With Governance 


If those charged with governance are not involved in management of the entity, the auditor 
should communicate with those charged with governance matters involving noncompliance, 
other than matters that are clearly inconsequential. If the noncompliance appears to be 
intentional and material, the auditor should communicate the matter to those charged with 
governance as soon as practicable. 


If management or those charged with governance are involved in noncompliance, the auditor 
should communicate the matter to the next higher level of authority at the entity. If there is no 
higher level of authority, the auditor may need to obtain legal advice. 


2.4.2 Reporting to Regulatory and Enforcement Authorities 


Ordinarily, the disclosure of noncompliance to parties other than management and those charged 
with governance is not part of the auditor's responsibility because of the auditor's professional duty 
of confidentiality. In the following circumstances, a duty to disclose outside the entity may exist: 


=  Inresponse to inquiries from an auditor to a predecessor auditor. 
=  Inresponse to a court order. 


= In compliance with requirements for the audits of entities that receive federal financial 
assistance from a government agency. 


2.4.3 Reporting Noncompliance in the Auditor's Report 
= Material Effect on the Financial Statements 


If the noncompliance has a material effect on the financial statements and has not been 
adequately reflected in the financial statements, a qualified opinion or adverse opinion 
should be issued. 


= Insufficient Evidence 


If the auditor is unable to obtain sufficient appropriate audit evidence about the 
noncompliance or suspected noncompliance, a qualified opinion or a disclaimer of opinion 
should be expressed. 


= Client Response 
If the client refuses to accept the auditor's report as modified, the auditor should withdraw 
from the engagement and notify those charged with governance in writing. 
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3 Accounting Estimates 


An accounting estimate is a monetary amount within the financial statements or disclosures 
of an entity for which there is an inherent lack of precision, known as estimation uncertainty. 
Estimates are used because either data about past events cannot be accumulated in a timely, 
cost-effective manner or because measurement depends on the outcome of future events. 

It is the responsibility of management to identify the necessary accounting estimates, make 
reasonable estimates, and include them in the financial statements. 


Examples of accounting estimates include: 
Provision for expected credit losses 
Employee retirement benefit liabilities 
Warranty obligations 


Probability of loss and related amounts due to pending litigation 


Fair value of assets or liabilities, including goodwill and intangible assets 


Accounting estimates are imprecise and can be influenced by management judgment, and 
the judgments may involve unintentional or intentional management bias. The susceptibility 
of an accounting estimate to management bias increases with the subjectivity involved in 
making it. The degree of estimation uncertainty affects the risks of material misstatement of 
accounting estimates. 


Estimation uncertainty varies with the circumstances related to the specific estimate. For 
example, financial statement items that are estimated based on active and open market data 
that are readily available may have a relatively low estimation uncertainty. 


3.1 Auditor's Responsibilities 


It is important for the auditor to maintain professional skepticism, especially when considering 
the inherent risk factors and the potential impact of management bias or fraud on accounting 
estimates. As a part of obtaining an understanding of the entity and its environment, the 
applicable financial reporting framework, and the system of internal control, the auditor is 
responsible for understanding specific matters related to an entity's accounting estimates such as: 


= The entity's transactions or events that may give rise to the need for, or changes to, 
accounting estimates. 


=m The requirements of the applicable financial reporting framework and any other relevant 
regulatory factors. 


= The nature of accounting estimates and related disclosures to be included in the entity's 
financial statements. 


= The nature of identified controls, including those related to oversight, the identification of 
the need for individuals with specialized skills, the use of information technology, and how 
management reviews and responds to the outcomes of previous accounting estimates. 


The auditor should also consider the outcome of previous accounting estimates and when 
applicable, their subsequent reestimation to assist in identifying and assessing the risk of 
material misstatement in the current periods. 


It is also important for the auditor to assess the potential need for engagement team 
members with specialized skills or knowledge to assist with risk assessment, audit procedures, 
or conclusions based on the complexity of the accounting estimate and the degree of 
estimation uncertainty. 
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3.1.1 Assessing the Risk of Material Misstatement of an Accounting Estimate 


The auditor should separately assess inherent risk and control risk when assessing the risk of 
material misstatement of an accounting estimate. When assessing risks related to accounting 
estimates, the auditor should: 


m Evaluate the degree of estimation uncertainty associated with an accounting estimate. 
= Evaluate the impact of inherent risk factors, such as complexity or subjectivity on: 


e The selection and application of the method, assumptions, and data in making the 
accounting estimate. 


e The selection of management's point estimate and related disclosures for inclusion 
in the financial statements. Management's point estimate is the amount selected by 
management to be included in the financial statements as an accounting estimate. 


= Determine whether the accounting estimate gives rise to a significant risk. 


3.1.2 Responding to the Risk of Material Misstatement 


Once the risk of material misstatement of an accounting estimate has been assessed, the 
auditor should plan and perform audit procedures that are responsive to the level of risk and 
the reasons for such risk assessment. The further audit procedures should include one or more 
of the following: 


1. Obtaining evidence from events occurring up to the date of the auditor's report and 
comparing to the value of the estimate 


2. Testing how management made the accounting estimate 
3. Developing the auditor's point estimate or range 


The higher the assessed risk of material misstatement, the more persuasive the audit 
evidence needs to be. Consistent with other audit areas, the auditor should test the operating 
effectiveness of controls if the risk assessment was based on the expectation that identified 
controls are operating effectively or if substantive procedures alone cannot provide sufficient 
appropriate audit evidence. 


3.2 Performing Audit Procedures 


3.2.1 Testing Management's Accounting Estimate 


In obtaining an understanding of how management developed an accounting estimate, the 
auditor should obtain evidence regarding the selection and application of the methods, 
significant assumptions, and data used by management. 


=m Methods are measurement techniques used to make an accounting estimate. A method 
is applied using a computational tool or process, such as a model. The Black-Scholes 
option-pricing formula is an example of a method used to calculate share-based payment 
transactions. 


= Significant assumptions include the judgments made based on available information such 
as interest rates, discount rates, or the outcome of future events. 


= Data is information used that can be obtained through direct observations or an external 
party. Data includes information such as quantities, historical prices, or contractual terms 
and payment schedules. 


In planning audit procedures, the auditor should address whether the methods, significant 
assumptions, and data are appropriate in the context of the applicable financial reporting 
framework and determine if related judgments were influenced by management bias. 
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Examples of indicators of possible management bias with respect to accounting estimates 
include the following: 


=m Changes in an accounting estimate, or the method for making it, when management has 
made a subjective assessment that there has been a change in circumstances. 


= The selection or development of significant assumptions that consistently yield a point 
estimate favorable for management objectives. 


=m The selection of a point estimate that may indicate a pattern of optimism or pessimism. 


The auditor should also plan procedures to address the following with respect to the methods, 
assumptions, and data: 


= Methods 


e Whether the calculations are in accordance with the method and mathematically 
accurate. 


e Whether judgments related to complex modeling have been consistently applied. 


e Whether the integrity of the significant assumptions and data used have been 
maintained. 


= Significant Assumptions 


e Whether the assumptions used are consistent with one another and with assumptions 
used in the other areas of the entity's business. 


e When applicable, whether management has the intent and ability to carry out specific 
courses of action related to assumptions. 


= Data 
e Whether the data is relevant and reliable. 
e Whether the data has been appropriately understood and interpreted by management. 


The auditor should also perform procedures to ensure that management has taken the 
appropriate steps for each accounting estimate to understand the estimation uncertainty, select 
an appropriate point estimate, and develop related disclosures about estimation uncertainty. 

If such steps have not been appropriately taken, the auditor may request that management 
perform additional procedures, or the auditor may develop his or her own auditor's point 
estimate. The auditor should also evaluate whether a control deficiency exists. 


3.2.2 Considerations for Complex Accounting Estimates 


Some accounting estimates require the use of more complex models. Models or methods are 
more complex if they require the use of specialized skills or knowledge to understand and 
apply, or if it is difficult to obtain or maintain the integrity of the data or assumptions used in the 
model. When a more complex model is used, the auditor should consider whether: 


= the entity has validated the model's theoretical soundness and mathematical integrity to 
ensure it is suitable for the intended use; 


®™ appropriate change control policies and procedures exist; and 


=m management has the appropriate skills and knowledge to understand and use the model. 
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3.2.3. Developing an Auditor's Point Estimate 


An auditor's point estimate (or range) is an amount, or range of amounts, developed by the 
auditor in evaluating management's point estimate. The auditor must perform procedures to 
evaluate whether the methods, assumptions, and data are appropriate in the context of the 
applicable financial reporting framework. In developing a point estimate, the auditor should: 


= Ensure that the range includes only amounts that are supported by sufficient appropriate 
audit evidence and are reasonable based on the auditor's evaluation. 


= Design and perform procedures to address the assessed risk of material misstatement 
relating to the disclosures regarding estimation uncertainty. 


The auditor may develop a point estimate in a variety of ways by using a different, commercially 
available model than the one used by management, by using management's model but 
developing alternative assumptions or data, or by engaging a specialist to develop and execute 
a model. 


3.3. Concluding on the Reasonableness of an Accounting Estimate 


To conclude that an accounting estimate is reasonable, the auditor must perform an overall 
evaluation to ensure that the assessed risk of material misstatement remains appropriate; 
management's recognition, measurement, presentation, and disclosure are in accordance with 
the applicable financial reporting framework; and sufficient appropriate audit evidence has been 
obtained. Both corroborative and contradictory information is audit evidence and should be 
considered when forming conclusions on the reasonableness of an estimate. 


If an accounting estimate has a high degree of estimation uncertainty or is considered a critical 
accounting estimate under the applicable financial reporting framework, information of the 
nature, sensitivity, or changes to assumptions may impact financial statement disclosures or 
information communicated to those charged with governance. 


Va Pass Key 


When an auditor determines that the amount of an accounting estimate included in 

the financial statements is unreasonable or was not determined in conformity with the 
requirements of the applicable financial reporting framework, then the auditor should 
treat as a misstatement the difference between the recorded estimate and the best 
estimate supported by the audit evidence. If the auditor determines a range of reasonable 
estimates, then the auditor should treat as a misstatement the difference between the 
recorded estimate and the closest reasonable estimate supported by the audit evidence. 
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The allowance for doubtful accounts is an estimate required by GAAP to ensure that the 
receivables are recorded at net realizable value. An auditor may evaluate the reasonableness 
of this estimate using the following: 


e Based on discussions with the client, the auditor will determine the methods used to 
estimate the allowance using either the aging of accounts receivable or gross accounts 
receivable (method). 


e The auditor will discuss percentages used in the analysis and relevant factors that must 
be considered in the estimation process (assumptions). 


e The auditor will obtain information about receivables provided in the trial balance (data). 


e In addition, receivable aging reports may be obtained at year-end to determine whether 
the estimates have been calculated appropriately. 


—If different percentages are applied to receivable aging buckets, the percentages used 
will be assessed for reasonableness. 


—Ilt is important for the auditor to obtain an explanation of customer balances that are 
noted as significantly past due on the aging detail. These balances may significantly 
affect the allowance estimate if the accounts will not be written off by year-end. 


e As the allowance balance provides an estimate for potential write-offs, the auditor will obtain 
information regarding accounts written off during the current year and the adequacy of 
the previous year's allowance balance. Historical write-offs can also be reviewed as these 
are typically a basis for percentages used to estimate the allowance balance. Based on this 
information, the auditor can begin to assess whether the balance is too low or too high. 


The allowance account in the balance sheet is tied to an expense on the income statement 
and will affect net income. Therefore, management's estimates regarding the allowance 
account are susceptible to bias. 


4 Related Party Transactions 


4.1 Accounting for Related Party Transactions 


Except for very routine transactions, it is virtually impossible to determine whether a transaction 
would have taken place in exactly the same manner if the parties weren't related. Therefore, a 
related party transaction is not considered to be an arm's-length transaction. For this reason, the 
substance of a related party transaction may be very different from its form, and GAAP requires 
that such transactions be disclosed. 


4.2 Auditor's Responsibility 


When auditors are performing an audit of financial statements, they are responsible for 
identifying any related party transactions encountered during the course of the audit and 

for determining whether the transactions have been properly accounted for and disclosed in 

the financial statements. An understanding of related party transactions and relationships is 
also relevant to the auditor's evaluation of fraud risk because fraud is more easily committed 
through related parties. Related parties may include the reporting entity's affiliates, principal owners, 
management, and members of their immediate families. 
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4.2.1 Audit Objectives 


The auditor should obtain an understanding of related party relationships and transactions 
sufficient to: 


=m Recognize fraud risk factors, if any, arising from related party relationships and transactions 
that are relevant to the assessment of the risk of material misstatement due to fraud. 


= Conclude whether the financial statements achieve fair presentation, insofar as they are 
affected by related party relationships. 


= Obtain sufficient appropriate audit evidence about whether related party transactions and 
relationships have been appropriately identified, accounted for, and disclosed. 


4.2.2 Audit Procedures 


Application of specific procedures regarding material transactions with related parties 
should include: 


= Obtaining an understanding and evaluating the company's process (including controls) for 
identifying related parties, authorizing and approving transactions with related parties, and 
accounting for and disclosing relationships and transactions. The auditor should obtain a 
conflict-of-interest statement from the client and evaluate the completeness and accuracy of 
the identified related party relationships and transactions while considering the information 
gathered during the audit. 


=m Requesting that management and others within the company provide the names of 
all related parties, including changes from the prior period; background information 
concerning related parties (e.g., physical location, industry); the nature of the relationships 
between the entity and related parties (including ownership structure); whether the entity 
entered into, modified, or terminated any transactions with related parties; and the types 
and business purposes of any related party transactions. 


=m Performing procedures to test the balances of any accounts related to affiliated entities as 
of concurrent dates. 


= Inquiring about any unauthorized or unapproved related party transactions and any 
related party transactions for which exceptions were granted and the reasons for granting 
those exceptions. 


= Inquiring of those charged with governance their understanding of any significant or 
unusual relationships and transactions with related parties and whether they have any 
concerns regarding relationships or transactions with related parties. 


= Reviewing the reporting entity's filings with the SEC and other regulatory agencies 
concerning the names of officers and directors who occupy management or directorship 
positions in other businesses. 


= Reviewing material transactions (especially investment transactions) for related party 
evidence, including bank and legal confirmations, minutes, summaries of actions of recent 
meetings for which minutes have not been prepared, and other appropriate records 
and documents. 


m Reviewing prior years' audit documentation or inquiring of the predecessor auditor. 


4.2.3 Impact on the Auditor's Report 


If management indicates in the financial statements that the transaction was consummated on 
arm's-length terms and the auditor believes that this statement is unsubstantiated, the auditor 
should express a qualified or adverse opinion. 
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4.2.4 Documentation 

The auditor should include the names of all identified related parties and the nature of the 
related party relationships in the audit documentation. 

4.3 Identifying and Examining Related Party Transactions 


4.3.1 Identifying Related Party Transactions 


The auditor should discuss the entity's relationships and transactions with related parties with the 
engagement team and provide the names of known related parties to the audit staff. The auditor 
should remain alert for the following items, which may be indicative of a related party transaction: 


Compensating balance arrangements (which may be maintained by or for related parties) 
Loan guarantees 
Unusual, nonrecurring transactions near year-end 


Transactions based on terms that differ significantly from market terms 
= Nonmonetary exchanges 
4.3.2 Identified Significant Related Party Transactions 


When the auditor identifies related party transactions that are required to be disclosed or 
determined to be a significant risk, the auditor should: 


m Read the underlying contracts or agreements, if any, and evaluate whether: 


e The business purpose of the transactions suggests that they may have been entered 
into to engage in fraud. 


e The terms of the transactions are consistent with management's explanations. 
e The transactions have been appropriately accounted for and disclosed. 


= Obtain audit evidence that the transactions have been appropriately authorized and approved. 


Doug owns 60 percent of ABC Company. ABC Company purchased a building from Doug 
for $15 million, although its fair market value is $40 million. 


The auditor should verify that this related party transaction is recorded at $15 million and 
disclosed in the financial statement notes. 


4.3.3 Identification of Previously Unidentified or Undisclosed Related Parties 
or Significant Related Party Transactions 


If the auditor identifies related parties or significant related party transactions that management 
has not previously identified or disclosed to the auditor, the auditor should: 


1. Communicate the information to the other members of the engagement team. 
2. Request management to identify all transactions with the newly identified related parties. 


3. Inquire why the entity's controls failed to enable the identification and disclosure of the 
related party relationships or transactions. 


4. Perform appropriate substantive procedures. 
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5. Reconsider the risk that other related parties or related party transactions may not have 
been identified or disclosed. 


6. Evaluate the audit implications if management's nondisclosure appears intentional. 


PCAOB Standards: Guidance for Issuers 


PCAOB guidance provides additional procedures that should be performed 
for each related party transaction that is either required to be disclosed in the 
financial statements or determined to be a significant risk: 


e Determine whether any exceptions to the company's established policies or 
procedures were granted. 


e Evaluate the financial capability of the related parties with respect to significant 
uncollected balances, loan commitments, supply arrangements, guarantees, 
and other obligations, if any. 


e Perform procedures on intercompany account balances as of concurrent dates, 
even if fiscal years of the respective companies differ. 


5 Litigation, Claims, and Assessments 


For actual or potential litigation, claims, and assessments, the auditor should obtain audit 
evidence relevant to: 


1. the period in which the underlying cause for legal action occurred; 
2. the degree of probability of an unfavorable outcome; and 
3. the amount or range of potential loss. 


Potential litigation, claims, and assessments can be discovered by conducting the following 
audit procedures: 


Inquiring of management about unrecorded contingencies related to litigation. 
Reviewing correspondence and invoices from attorneys. 

Reviewing IRS reports and tax returns for unsettled disagreements. 

Reviewing minutes of board and stockholder meetings. 


Obtaining a letter from the client's attorney. 


Obtaining a management's representation letter. 


Ve Pass Key 


It is management's responsibility to identify and account for contingent liabilities, including 
litigation, claims, and assessments, through the policies adopted by management for such 
purposes. The management representation letter should indicate that management has 
disclosed to the independent auditor all such relevant information. 
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5.1 Letter of Inquiry to Client's Attorneys 


When audit procedures indicate that there are actual or potential litigation, claims, or 
assessments, the auditor should seek direct communication with the entity's external legal 
counsel through a letter of inquiry regarding litigation, claims, and assessments. This letter 

is prepared by management and sent by the auditors to the attorneys. When in-house legal 
counsel has responsibility for litigation, claims, and assessments, the auditor should also seek 
direct communication with the in-house legal counsel through a letter of inquiry. 


The auditor should document the basis for any decision not to seek direct communication with 
legal counsel. 


A client's refusal to permit inquiry of the attorneys generally will result in a disclaimer of opinion 
or withdrawal from the audit. 


5.1.1 Response by Attorneys 


The attorneys in turn send their replies directly to the independent auditor. In these replies, 
attorneys give their evaluation concerning litigation, claims, and assessments within their 
knowledge or control. The date of the attorney's response should be as close as possible to the 
date of the auditor's report. 


The lawyer's response to the letter of inquiry should include a professional opinion on the 
expected outcome of any lawsuit and the likely outcome of any liability, including court costs. 


= Substantial Attention Limitation: Lawyers may limit their replies to matters to which they 
have given substantial attention. Responses may also be limited to material matters if an 
understanding has been reached between the lawyer and the auditor as to what amount 
would be considered material. 


= Confidentiality Limitation: In some cases, it may be unwise for an attorney to disclose 
certain confidential information. An example of this may be knowledge of a patent violation, 
if the disclosure of the violation in the financial statements could bring about a lawsuit. 


5.1.2 Refusal to Respond by Attorneys 


An attorney's refusal to respond to a letter of inquiry where the attorney has devoted 
substantial attention to litigation matters is a limitation in the scope of an independent auditor's 
examination, sufficient to preclude an unmodified opinion. 


5.1.3. Inherent Uncertainties 


In some cases, inherent uncertainties may make it difficult for an attorney to form conclusions 
regarding pending litigation. If the auditor is satisfied that financial statement disclosure is 
adequate, no modification to the opinion would be required. 


Ve Pass Key 


Note that management is the primary source of information regarding contingencies, 
including litigation, claims, and assessments. The letter sent to the client's attorney is 
simply a means of corroborating information provided by management. 
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5.1.4 Concluding Procedures 


Once the auditor has reviewed audit evidence regarding potential claims and assessments and 
has received the letter of inquiry from the client's attorney, the information should be analyzed 
to determine if management has adequately accounted for and recorded any amounts that are 
considered probable and are reasonably estimable. The auditor should also verify that amounts 
that are probable but not reasonably estimable, or that are reasonably possible, are adequately 
disclosed in the footnotes. 


5.1.5 Sample Letter of Audit Inquiry 


[Company Letterhead] 
[Appropriate Addressee] 


In connection with an audit of our financial statements at (balance sheet date) 
and for the (period) then ended, management of the Company has prepared, 
and furnished to our auditors (name and address of auditors), a description and 
evaluation of certain contingencies, including those set forth below involving 
matters with respect to which you have been engaged and to which you have 
devoted substantive attention on behalf of the Company in the form of legal 
consultation or representation. These contingencies are regarded by management 
of the Company as material for this purpose (management may indicate a 
materiality limit if an understanding has been reached with the auditor). Your 
response should include matters that existed at (balance sheet date) and during 
the period from that date to the date of your response. 


Pending or Threatened Litigation 


[Ordinarily management's information would include (i) the nature of the litigation, 
(ii) the progress of the case to date, (iii) how management is responding or 

intends to respond to the litigation, and (iv) an evaluation of the likelihood of an 
unfavorable outcome and an estimate, if one can be made, of the amount or range of 
potential loss.] 


This letter will serve as our consent for you to furnish to our auditor all the 
information requested therein. Accordingly, please furnish to our auditors such 
explanation, if any, that you consider necessary to supplement the foregoing 
information, including an explanation of those matters as to which your views may 
differ from those stated and an identification of the omission of any pending or 
threatened litigation, claims, and assessments or a statement that the list of such 
matters is complete. 


(continued) 
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(continued) 


Unasserted Claims and Assessments 


[Ordinarily management's information would include (i) the nature of the matter, (ii) 
how management intends to respond if the claim is asserted, and (iii) an evaluation of 
the likelihood of an unfavorable outcome and an estimate, if one can be made, of the 
amount or range of potential loss.] 


Please furnish to our auditors such explanation, if any, that you consider necessary 
to supplement the foregoing information, including an explanation of those 
matters as to which your views may differ from those stated. 


We understand that whenever, in the course of performing legal services for us 
with respect to a matter recognized to involve an unasserted possible claim or 
assessment that may call for financial statement disclosure, if you have formed a 
professional conclusion that we should disclose or consider disclosure concerning 
such possible claim or assessment, as a matter of professional responsibility to 
us, you will so advise us and will consult with us concerning the question of such 
disclosure and the applicable requirements of Financial Accounting Standards 
Board (FASB) Accounting Standards Codification (ASC) 450, Contingencies. Please 
specifically confirm to our auditors that our understanding is correct. 


Please specifically identify the nature of and reasons for any limitations on 
your response. 


Very truly yours, 


[Name] 


6 An Entity's Ability to Continue as a Going Concern 


On every audit engagement, the auditor is responsible for evaluating audit evidence to 
determine whether there is substantial doubt about the entity's ability to continue as a going 

concern for a reasonable period of time. "Reasonable period of time" depends on the financial 
reporting framework used: 


AUD 3 


FASB: one year after the date the financial statements are issued (or available to be issued, 
as applicable) 


GASB: one year beyond the date of the financial statements. GASB further requires that, if 
a governmental entity currently knows information that may raise substantial doubt shortly 
thereafter (for example, within an additional three months), such information should also 
be considered. 


If the going concern basis is not applicable to the financial reporting framework (e.g., cash basis, 
tax basis), the auditor should use one year after the date the financial statements are issued (or 
available to be issued). 
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If there are conditions or events, considered in the aggregate, that raise substantial doubt, the 
auditor should: 


= Obtain sufficient appropriate audit evidence by performing additional audit procedures, 
including consideration of mitigating factors. 


m Evaluate management's plans to alleviate substantial doubt. 


= Conclude on whether there is substantial doubt and the appropriateness of going concern 
basis of accounting (as opposed to the liquidation basis of accounting). 


= Consider the impact to the auditor's report based on whether or not the substantial doubt 
has been alleviated by management's plans. The report may include a separate section or 
emphasis-of-matter paragraph (nonissuer) or an explanatory paragraph (issuer) depending 
on the auditor's conclusions. 


6.1 Factors That May Indicate Substantial Doubt 


Based on the procedures performed, the auditor identifies conditions and events that may be 
indicative of substantial doubt. A mnemonic to help remember the condition is "FINE." 


= Financial difficulties: Loan defaults, dividend arrearages, denial of usual trade credit, debt 
restructuring, noncompliance with capital requirements, new financing sources or methods, 
disposal of substantial assets 


= Internal matters: Work stoppages, labor difficulties, substantial dependence on a 
particular project, uneconomic long-term commitments, significant revision of operations 


=m Negative trends: Recurrent losses, working capital deficiencies, negative cash flows, 
adverse financial ratios 


= External matters: Legal proceedings; new legislation; loss of a key franchise, license, or 
patent; loss of a principal customer or supplier; natural disasters 


6.2 Mitigating Factors 


When an auditor believes that there is substantial doubt about an entity's ability to continue as 
a going concern, the auditor is required to consider management's plans for dealing with the 
conditions or events that led to the auditor's belief, including: 


= Plans to borrow money or restructure debt 
m= Plans to sell assets 

= Plans to delay or reduce expenditures 

= Plans to increase ownership equity 


Note: Mitigating factors must include both intent and the ability to carry out the planned 
procedures. 


After considering management's plans, the auditor may decide that substantial doubt about 
the entity's ability to continue as a going concern for a reasonable period of time has been 
alleviated. In such cases, the auditor should still consider the need for disclosure of the 
conditions and events that initially gave rise to the substantial doubt. 
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6.3. Reporting for Nonissuers 


The determination of wording depends on whether or not substantial doubt has been alleviated 
by management's plans. 


m= Ifthe going concern basis of accounting is appropriate and substantial doubt has been 
alleviated based on management's plans, the auditor should evaluate the adequacy of the 
required financial statement disclosures. If adequate disclosures have been made, the 
auditor may include (optional) an emphasis-of-matter paragraph making reference to 
management's disclosures. 


m= Ifthe going concern basis of accounting is appropriate and substantial doubt remains, 
the auditor should include a separate section in the auditor's report with the heading 
"Substantial Doubt About the Entity's Ability to Continue as a Going Concern." 


Substantial Doubt About the Company's Ability to Continue as a Going Concern 


The accompanying financial statements have been prepared assuming that the 
Company will continue as a going concern. As discussed in Note X to the financial 
statements, the Company has suffered recurring losses from operations, has 

a net capital deficiency, and has stated that substantial doubt exists about the 
Company's ability to continue as a going concern. Management's evaluation of the 
events and conditions and management's plans regarding these matters are also 
described in Note X. The financial statements do not include any adjustments that 
might result from the outcome of this uncertainty. Our opinion is not modified 
with respect to this matter. 


6.4 Reporting for Issuers 


An explanatory paragraph should be added when there is a going concern uncertainty. The wording 
of the explanatory paragraph must include the terms "substantial doubt" and "going concern." 


Although the general rule in going concern cases is to add an explanatory paragraph to the 
unqualified opinion, the auditor is not precluded from choosing to disclaim an opinion due to 
a going concern uncertainty. The decision between an unqualified opinion with an explanatory 
paragraph and a disclaimer of opinion is based on the auditor's judgment. 


6.5 Documentation Requirements 


When the auditor believes that there is substantial doubt about the ability of the entity to 
continue as a going concern for a reasonable period of time, the following items should all be 
included in the audit documentation: 


1. The conditions or events that gave rise to the substantial doubt. 
2. Any mitigating factors that the auditor considers significant. 


3. Audit work performed to evaluate management's plans, including written representation 
from management (1) describing its plans to mitigate substantial doubt and the probability 
that those plans can be effectively implemented; and (2) that the financial statements 
disclose all matters relevant to an entity's ability to continue as a going concern. 


The auditor's conclusion about whether substantial doubt remains or is alleviated. 


5. The effect of the auditor's conclusion on the evaluation of the financial statements and 
related disclosures, and on the resulting auditor's report. 
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6.6 Other Going Concern Considerations 


= If, in the auditor's judgment, the entity's going concern disclosures are inadequate, a 
departure from GAAP exists. This may result in either a qualified or adverse opinion. 


=m If management is unwilling to perform or extend its evaluation to meet the period of time 
required by the applicable financial reporting framework when requested to do so by the 
auditor, the auditor should issue a qualified or adverse opinion. 


m= Ifthe financial statements have been prepared using the going concern basis of accounting 
but, in the auditor's judgment, management's use of the going concern basis of accounting 
in the preparation of the financial statements is inappropriate, the auditor should express 
an adverse opinion. 


m=  [fthe auditor's doubts about the entity's ability to continue as a going concern are removed 
in a subsequent period, the going concern section (explanatory paragraph) of the prior 
period need not be repeated. 


=m The auditor should communicate going concern issues to those charged with governance. 
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NOTES 
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Sufficient Appropriate 
Evidence 


1 Audit Evidence Overview 


Audit evidence is all the information the auditor uses to arrive at the conclusions on which the 
audit opinion is based. It includes information in written or electronic form as well as observable 
assets or activities, and it must be obtained to support auditor conclusions. Audit evidence is 
gathered throughout the audit when performing: 


=m Risk assessment procedures 
= Tests of controls 

= Substantive procedures 

= Other audit procedures 


Audit evidence may also come from other sources, such as previous audits or a firm's quality 
control procedures for client acceptance and continuance. 


2 Types of Audit Evidence 


Audit evidence consists of underlying accounting records and corroborating or contradictory 
evidence. The auditor should have access to all pertinent accounting data. Audit evidence may 
take different forms such as oral information, visual information, paper documents, or electronic 
information such as documents and data. The form may affect the audit procedures necessary 
to evaluate the information. 


2.1 Accounting Records 


Accounting records consist of records of initial entries and any supporting records. For 
example, accounting records include checks, records of electronic fund transfers, invoices, 
contracts, ledgers, journal entries, and worksheets. The auditor tests the accounting records 
through analytical procedures and substantive procedures, such as retracing procedural steps, 
recalculation, and reconciliation. Note that accounting records alone do not provide sufficient 
support for the audit opinion. However, internal consistency among the accounting records 
provides some evidence that the financial statements are presented fairly. 


2.2. Corroborating Evidence 


Corroborating evidence includes minutes of meetings, confirmations, industry analysts' reports, 
data about competitors, evidence obtained from management specialists, and information 
obtained through observation, inquiry, and inspection. Corroborating evidence provides 
additional support and gives validity to the recorded accounting data. 
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2.3. Evidence in Electronic Form 


In certain entities, some of the accounting records or corroborating evidence may be available only 
in electronic form. Source documents may be replaced by electronic messages, or business may 
be transacted electronically. Although electronic evidence may be initially available, it may not be 
retrievable indefinitely. The auditor should therefore consider the time during which information 
exists or is available in determining the nature, extent, and timing of auditing procedures. 


3 Obtaining Sufficient Appropriate Audit Evidence 


3.1 Reasonable Basis for an Opinion 


The audit evidence must persuade the auditor that the ending balances in the financial 
statements are fairly presented. The audit provides reasonable assurance regarding the fairness 
of the financial statements. The auditor is not a guarantor, and, in most cases, cost-benefit 
considerations prohibit an examination of 100 percent of the accounting data. Therefore, it is 
generally not practical or possible to obtain assurance beyond all doubt, and the auditor usually 
must rely on evidence that is persuasive, rather than conclusive. 


Persuasiveness is a subjective concept and relates uniquely to each audit. The nature, extent, 
and timing of audit procedures performed on information to be used as audit evidence 
influences the persuasiveness of such information. 


Note that although the cost-benefit relationship may be a valid reason for performing only 
certain procedures, cost alone or difficulty in obtaining evidence is not a valid basis for omitting 
a procedure for which there is no appropriate alternative. Thus, the auditor must exercise 
professional skepticism and sound judgment in determining the procedures to be performed 
and the sufficiency and appropriateness of the evidence gathered to achieve the objectives of 
the planned procedures. 


3.2 Sufficiency of Audit Evidence 


Sufficiency refers to the quantity of audit evidence. The auditor must use professional judgment in 
determining the amount and kinds of evidence sufficient to support an opinion. Judgments about 
materiality and audit risk underlie this determination. The amount of evidence gathered directly 
affects the level of detection risk, which is the risk that the auditor's evidence-gathering procedures 
will not be sufficient to support the financial statement assertions. 


The auditor's decision regarding the sufficiency of evidence is influenced by: 

= The Risk of Material Misstatement: Greater risk implies more evidence will be required. 

= The Quality of Audit Evidence: Less audit evidence may be required when that evidence is 
of higher quality. 


Note that even if it is conclusive, evidence regarding a small portion of a balance or a single 
transaction is generally insufficient to support the entire balance. For instance, overwhelming 
evidence of the existence of a $500 account receivable is not sufficient to substantiate a total 
accounts receivable balance of $1,000,000. 


3.3. Appropriateness of Audit Evidence 


Appropriate audit evidence must be reliable and relevant, and the auditor must consider 
whether the information corroborates or contradicts financial statement assertions. Both 
contradictory and corroborating information is evidence. The appropriateness of evidence 
depends on the source of the information and on key attributes such as accuracy, completeness, 
authenticity, and susceptibility to management bias. 
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3.3.1 Reliability of Evidence 


Reliability of audit evidence is dependent on the circumstances under which it is gathered. 
Reliability of evidence is also influenced by its source and nature. In evaluating the reliability 

of evidence, the auditor should consider whether the information is sufficiently detailed for its 
purpose and whether evidence has been obtained regarding the completeness and accuracy of 
the information. 


= Auditor's Direct Personal Knowledge 


Any evidence obtained directly by the auditor (i.e., through observation, physical 
examination, inspection, or recalculation) provides more persuasive evidence than evidence 
obtained indirectly. Evidence obtained indirectly may require the auditor to perform 
additional procedures to evaluate the reliability of the information. 


= External Evidence 


External evidence obtained from independent sources outside the enterprise provides 
greater assurance of reliability than internally generated evidence. Information obtained 
from a management's specialist or auditor's specialist is not considered to be from an 
external information source due to the relationship created by the terms of the relevant 
engagement by the auditor or management. 


The two types of external evidence are: 
1. evidence sent directly to an independent auditor; and 
2. evidence received and held by the client. 


Evidence sent directly to the auditor (e.g., a bank confirmation) is more valid than evidence 
received and held by the client. 


= Importance of Effective Controls 


Internal evidence generated within the enterprise is not as reliable as external evidence, but 
strong, effective internal controls improve reliability. Internal evidence includes purchase 
orders, sales orders, general ledgers, and management reports. 


= Documentary Evidence 


Audit evidence in documentary form is more reliable than oral evidence, and original 
documentation is more reliable than photocopies, faxes, or documents that have been 
converted to electronic form. Oral evidence consists of statements made by clients 
concerning the procedures involved in a given transaction, often resulting in the explanation 
of an account balance. Oral evidence is the least reliable form of evidence. Using electronic 
information, such as scanned documents, may require additional audit procedures to 
support the reliability of the information. 


= Consistency of Evidence 


When audit evidence obtained from different sources is consistent, a greater degree 
of assurance is provided. Additional audit procedures may be necessary to resolve 
inconsistencies or doubts about the reliability of audit evidence. 
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= Information Produced by the Client 


If the auditor intends to use information produced by the client, additional procedures 
may be necessary as compared with the evaluation needed for external evidence. The 
auditor should determine whether the information is sufficiently reliable for the auditor's 
purposes by: 


e Obtaining evidence about the accuracy and completeness of the information. Such 
evidence may be obtained by: 


—Testing controls over the preparation and maintenance of the information. 


—Tying information back to the original internal or external source. Examples of 
internal and external information sources could include items such as confirmations, 
bank statements, general ledgers, or subledgers. 


— Validating search criteria used to obtain system-generated report data. 


e Evaluating whether the information is sufficiently precise and detailed for the 
auditor's purposes. 


yas Pass Key 


Memorize the following hierarchy of audit evidence (from most reliable to least reliable): 
1. Auditor's direct personal knowledge 

2. External evidence 

3. Internal evidence 

4. Oral evidence 


3.3.2 Relevance of Evidence 


Evidence must relate to the financial statement assertion(s) under consideration, and the time 
period to which the information relates must be consistent with the period covered by the audit. 
For example, accounts receivable confirmations are relevant to the existence of receivables, not 
to their valuation, because a customer can confirm that a receivable exists, but this does not 
necessarily imply that the customer has the intent or the ability to pay. 


PCAOB Standards: Guidance for Issuers 


PCAOB standards state that the relevance of audit evidence depends on: 


e the design of the audit procedure, in particular whether it is designed to test 
the assertion directly and whether it is designed to test for understatement or 
overstatement; and 


e the timing of the audit procedure. 
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4 Concluding on the Sufficiency and Appropriateness 
of Audit Evidence 


4.1 Results of Further Audit Procedures 


The results of further audit procedures may lead the auditor to: 
m Reassess the risks of material misstatement. 
= Identify control deficiencies as a result of tests of controls or substantive procedures. 


= Identify misstatements as a result of substantive procedures. 


4.2 Revising the Assessed Risks of Material Misstatement 


The results of further audit procedures should be used to determine whether the assessed 
risks of material misstatement at the relevant assertion level is still appropriate. Audit evidence 
obtained may cause the auditor to modify the initial risk assessment. When there is a change in 
the assessed level of risk, the auditor should modify planned audit procedures accordingly. 


= The results of tests of controls may indicate that controls are not functioning effectively, 
which will result in a higher assessment of the risks of material misstatement and more 
extensive and reliable substantive procedures. 


= Material misstatements discovered while performing substantive procedures that were 
not detected by the entity's controls are considered a significant deficiency or material 
weakness that will cause the auditor to change the judgment regarding the effectiveness of 
internal control and revise the assessed risks of material misstatement. 


= If fraud is discovered, the auditor should not assume that an identified instance of fraud 
or error is an isolated occurrence, but instead should consider whether such an instance 
affects the assessed risks of material misstatement. 


m= All audit evidence should be considered, regardless of whether it is consistent with or 
contradicts relevant assertions in the financial statements. 


4.3 Sufficiency and Appropriateness of Evidence 


The auditor uses judgment to conclude on the sufficiency and appropriateness of audit 
evidence, but should consider: 


m The achievement of audit objectives. 
= The auditor's risk assessment. 


= The significance of uncorrected misstatements and the likelihood of their having a material 
effect on the financial statements, individually or in aggregate, considering the possibility of 
further undetected misstatements. 


=m The effectiveness of management's responses and controls. 
m Experience gained during previous audits. 


= The results of audit procedures performed in the financial statement audit and in the audit 
of internal control over financial reporting (if the audit is an integrated audit), including 
whether instances of fraud or error were identified. 


=m Understanding of the entity and its environment, the applicable financial reporting 
framework, and the entity's system of internal control. 
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4.3.1 Contradictory and Supporting Information 


Auditors should take into account all audit evidence, regardless of whether the evidence 
corroborates or contradicts the assertions in the financial statements, when determining 
whether sufficient and appropriate audit evidence has been obtained. Auditors should be 
attentive when weighing audit evidence and should reduce instances in which they fail to 
consider contradictory evidence. Contradictory evidence should be documented. Often the 
discovery of contradictory evidence results in the need for additional procedures and obtaining 
more persuasive evidence. 


4.3.2 Impact of Auditor Bias 


When evaluating the results of audit procedures and the information obtained to be used 
as audit evidence, the auditor must be aware of both unconscious and conscious auditor 
biases that may have an impact on professional judgment or the auditor's ability to maintain 
professional skepticism. Examples of potential auditor biases include the following: 


= Availability Bias: The tendency to place more weight on events that are more recent, 
readily available, or top-of-mind. 


= Confirmation Bias: The tendency to place more weight on information that corroborates, 
rather than contradicts, initial conclusions. 


= Overconfidence Bias: The tendency to overestimate one's ability to make accurate 
judgments or assessments. 


= Anchoring Bias: The tendency to use initial information as an anchor against which 
subsequent information is assessed. 


= Automation Bias: The tendency to favor information generated from automated systems 
regardless of circumstances or contradictory information about the reliability of such 
information. 

4.4 Documentation Requirements 

The auditor should document: 

=m The overall response addressing assessed risk at the financial statement level. 

The nature, extent, and timing of further audit procedures. 

The linkage of those audit procedures with assessed risks at the relevant assertion level. 


The results of audit procedures. 


The conclusions reached regarding the use of prior period audit evidence in evaluating the 
current operating effectiveness of controls. 


= The basis for not using external confirmation procedures for accounts receivable, if such 
balance is material. 


= Demonstration that the information in the financial statement agrees or reconciles with the 
underlying accounting records, including disclosures. 
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Procedures to Obtain 
Evidence 


1 Standard Auditing Procedures 


In performing an audit, the auditor gathers evidence using a variety of procedures to accomplish 
specific objectives. Sampling is an aspect of the performance of most audit procedures. The 
specifics for the sampling plan (objective, population, sample size, method of selection) are 
included in the audit plan for each procedure and are documented along with the results and 
evaluation of the results. 


The following standard procedures are used in audits as risk assessment procedures, tests of 
controls, or substantive tests. 


Vie Pass Key 


C the FIVE CARROT WARS identifies the procedures used in an audit to be victorious! 


= Confirmation 


Confirmation is a specific type of inquiry that involves obtaining representations from 
independent external third parties about account balances and transactions or events. 
Examples include bank confirmations of the amount on deposit or of a loan outstanding, or a 
confirmation from a customer regarding the existence of a receivable balance at a certain date. 
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= Footing, Cross-Footing, and Recalculation 


An auditor may verify the mathematical accuracy of statements and schedules by adding 
down (footing), adding across (cross-footing), or recalculating amounts. For example, the 
auditor may substantiate the valuation of financial accounts and the allocation of items 
such as depreciation, amortization, and accruals by recalculating those items. Recalculation 
can be done manually or through the use of automated tools such as a spreadsheet or a 
Generalized Audit Software Package. 


= Inquiry 


Inquiry consists of requesting information from knowledgeable parties both internally 
(e.g., managers and supervisors) and externally (e.g., attorneys and bankers). Examples 
include inquiries about pending litigation or pledged or obsolete inventories. 


Inquiry is used extensively throughout most audits. However, inquiry of company personnel 
alone is generally considered insufficient and therefore should be used in conjunction with 
other audit procedures. In using inquiry, the auditor should: 


e Consider the specific characteristics (knowledge, objectivity, qualifications, etc.) of the 
person to whom the inquiry is directed. 


e Ask appropriate questions. 


e Evaluate the response and take appropriate action (e.g., following up with additional 
inquiry, modifying planned audit procedures, etc.) 


= Vouching 


Vouching is directional testing in which the auditor examines support for what has been 
recorded in the records and statements, going from the financial statements back to 
supporting documents. The objective of vouching is to gather evidence regarding possible 
overstatement errors (the existence or occurrence assertions). 


= Examination/Inspection 


The auditor may inspect or examine records, documents, or tangible assets (either 
physically present or through the use of remote observation tools, such as drone cameras 
or a video transmission). Records or documents may be internal or external, and may be in 
paper or electronic form. 


Inspection or examination generally provides evidence about the existence assertion, rather 
than about ownership, rights, obligations, or valuation. Examination may also provide 
evidence of the terms of contracts, loans, and commitments. The procedure of inspecting 
documents is often referred to as examination of evidence, and includes the activities of 
scanning, scrutinizing, and reading. For example, the auditor may scan or scrutinize entries 
in general ledger accounts for a period, looking for evidence of unusual amounts or unusual 
sources of input, which, if found, would be investigated further. The auditors should read 
the minutes of the board of directors' meetings, shareholder meetings, and management 
committee meetings. Automated tools such as text-recognition programs may be used to 
examine large populations of documents for key items. 


= Cutoff Review 


The auditor should perform a cutoff review of year-end transactions, especially inventory, 
cash, purchases, sales, and accruals. 


= Analytical Procedures 


Analytical procedures consist of evaluations of financial information made by a study of 
meaningful relationships among data, to help highlight unusual fluctuations that could be 
the result of errors or fraudulent omissions or overstatements. 
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Analytical procedures also include comparisons within the current year's financial 
statements for internal consistency. For example, net income on the income statement 
should agree with the increase in retained earnings on the statement of retained earnings. 


Scanning also may be considered an analytical procedure, as the auditor uses professional 
judgment to search for large, significant, or unusual items in the accounting records. 


= Reperformance 


Reperformance occurs when an auditor independently performs procedures or controls 
that were originally performed as part of an entity's internal control. 


= Reconciliation 


Reconciliation substantiates the existence and valuation of accounts. It involves comparing 
financial amounts from two independent sources for agreement, such as reconciling the 
physical inventory count with the perpetual inventory records. Other examples include 
reconciling the cash balance per the books with the balance per bank, and reconciling lead 
schedules to general ledger amounts. 


= Observation 


Observation occurs when an auditor looks at a process or procedure performed by others 
(either by being physically present or through the use of remote observation tools). For 
example, at the beginning of an audit, the auditor may tour the client's facilities to gain an 
understanding of the client's business, or the auditor may observe the client's employees 
taking a physical inventory to obtain firsthand knowledge regarding ending inventory. 


Note that although observation provides the auditor with direct personal knowledge, the 
evidence provided applies only to the point in time during which the observation occurred. 
The auditor should also be aware that a process or procedure may be performed differently 
when the client is aware that the auditor is observing. 


=m Tracing 


As with vouching, tracing is directional testing. However, tracing is looking for coverage 
in the opposite direction from vouching. Tracing starts with the source documents and 

traces forward to provide assurance that the event is being given proper recognition in 

the books and records. The objective of tracing is to gather evidence regarding possible 
understatement errors (the completeness assertion). 


= Walk-through 


A walk-through includes questioning an entity's personnel about their understanding 

of what is required by the entity's prescribed procedures and controls at the points at 
which important processing procedures occur. Walk-through procedures may include a 
combination of inquiry, observation, inspection of relevant documentation, recalculation, 
and control reperformance. 


= Auditing Related Accounts Simultaneously 
Certain accounts can be audited simultaneously, such as: 
e Long-term liabilities and interest expense 
e Capital additions to plant and equipment, and repairs and maintenance expense 
e Investments and dividend and interest income 
= Representation Letter 


At the conclusion of fieldwork, the independent auditor must obtain a management 
representation letter from the client. 
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= Subsequent Events Review 


The auditor is required to perform certain procedures for the period after the balance 
sheet date through the date of the auditor's report. Evidence not available at the close of 
the period often becomes available before the auditors complete their fieldwork and write 
their report. For example, the bankruptcy of the auditor's client's customer shortly after 
the balance sheet date indicates that the financial strength of the customer had probably 
deteriorated before year-end. 


The settlement of a pending lawsuit constitutes evidence that a real (rather than a 
contingent) liability may have existed at year-end. Decreases in long-term debt occurring 
after year-end may indicate that such debt should be reported as a current liability on the 
balance sheet. Evidence becoming available after the balance sheet date should be used in 
making judgments about the valuation of assets and liabilities on the balance sheet date. 


2 Types of Audit Procedures 


2.1 Substantive Procedures 


Substantive procedures are designed to detect material misstatements at the assertion level. 
They consist of: 


1. tests of details applied to transactions, balances, and disclosures; and 


2. substantive analytical procedures. 


2.1.1. Tests of Details 


Tests of details consist of audit procedures used to gather evidence to support the account 
balances as reflected in the financial statements. Tests of details are performed on ending 
balances, the details of transactions, or a combination of the two. 


m= If an account has a high turnover rate with many transactions occurring during the year, 
the auditor generally will concentrate testing on the ending balance. When this approach is 
used, the auditor must be satisfied that internal control is strong. 


=m Analternative approach is to test the details of transactions. This approach is employed 
when the account being substantiated has relatively few transactions occurring during the 
year (e.g., an account for land or treasury stock). 


= One approach need not be used exclusively, and a combination of the two might be 
appropriate. For example, during an audit of the sales revenue account, the auditor 
uses procedures to substantiate the ending balance while also performing extensive 
procedures on samples of transactions and related accounts (e.g., cash receipts and 
accounts receivable). 


The auditor may test the details supporting transactions, balances, and disclosures through 
inspection, observation, inquiry, confirmation, recalculation, reperformance, etc. 


2.1.2 Analytical Procedures 


Analytical procedures are evaluations of financial information made by a study of plausible 
relationships among both financial and nonfinancial data, and they generally involve 
comparisons of recorded amounts to independent expectations developed by the auditor. The 
auditor must use analytical procedures for planning and overall review in all audits, and also 
may decide to use analytical procedures as substantive tests. 
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The following chart summarizes the use of analytical procedures: 


Phase Requirement Purpose 
Planning Required To assist the auditor in understanding the entity and 
its environment. 


Used during risk assessment to alert the auditor to problem 
areas requiring attention. This serves a vital planning function. 


Substantive | Not required As a substantive test to obtain audit evidence about specific 
procedures management assertions related to account balances 
or transactions. 


The evidence is circumstantial and generally additional 
corroborating evidence (such as documentation) must 
be obtained. 


Final review | Required To assist the auditor in the final review of the overall 
reasonableness of account balances. 


2.2 Substantive Analytical Procedures 


In certain situations, analytical procedures are a more effective and efficient means of gathering 
evidence than tests of details, and in those cases, analytical procedures may be used as 
substantive tests. 


2.2.1 Designing and Performing Substantive Analytical Procedures 


When designing and performing analytical procedures as substantive procedures, the auditor 
should do the following: 


1. Determine the analytical procedures that are suitable for testing the assertion(s), taking into 
account the assessed risks of material misstatement and tests of details. 


If using audit data analytics (ADAs), the auditor should select an ADA procedure that best fits 
the intended purpose and objectives of the procedure as well as determine the techniques, 
tools, graphics, and tables that may be used. 


2. Evaluate the reliability of the data from which the auditor's expectation is to be developed. 
The following factors are relevant when determining whether the data is reliable: 


e The source and comparability of the information 
e The nature and relevance of the information 
e Controls over the preparation of the information 


3. Develop an expectation of recorded amounts or ratios and evaluate whether the 
expectation is sufficiently precise to identify material misstatement. Expectations may be 
developed based on: 


e — financial information for comparable prior periods; 
e anticipated results from budgets and forecasts; 

e relationships among data within the current period; 
e industry norms; and 


e — relationships of financial data with nonfinancial information. 
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4. Perform the analytical procedures and compare the results of the analytical procedures with 
the expectations. 


5. Investigate any significant differences by: 


e inquiring of management and obtaining appropriate evidence relevant to 
management's responses; and 


e performing other audit procedures as necessary. 


2.2.2 Efficiency and Effectiveness of Analytical Procedures 


The efficiency and effectiveness of analytical procedures in detecting potential misstatements 
depends, among other things, on the following factors. 


1. Nature of the Assertion Being Tested 


Analytical procedures are most effective and efficient for assertions in which potential 
misstatements are not apparent from an examination of the detailed evidence or when 
such detail is unavailable. 


2. Plausibility and Predictability of the Data Relationship 


In order to use analytical procedures as a substantive test, the auditor must have a clear 
understanding of the relationships among data. It is possible that data may appear to be 
related when in fact they are not, and failure to properly understand such situations may 
lead to erroneous conclusions. 


In order to provide an appropriate level of assurance, analytical procedures should be 
based on predictable relationships. More predictable relationships are provided by data 
generated in a stable, rather than dynamic, environment; involve income statements, 
rather than just balance sheet accounts; and involve transactions that are less subject to 
management discretion. 


3. Availability and Reliability of Data Used to Develop the Expectation 


Data used by the auditor to develop expectations should be both readily available and 
reliable. Reliability of data is enhanced if it is obtained from external rather than internal 
sources, obtained from independent internal sources (i.e., unrelated to those who are 
responsible for the amount being audited), generated under effective internal controls, 
audited previously, and obtained from a variety of sources. 


4. Precision of the Expectation 


More precise expectations are more effective in detecting misstatements. An expectation is 
more precise when it is developed at a sufficiently detailed level, and when there is effective 
identification and consideration of factors that significantly influence the relationship. 
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5. Methods Used to Develop the Auditor's Expectation 
Below are some examples of methods that the auditor may use to develop the auditor's 


expectation: 


Method 


Trend analysis 


Description 


Compare financial 
statement item or account 
balance for the current 
period with prior periods. 


Best Used When: 


Amount/relationship is 
fairly predictable and 
operations are stable. 


Procedures to Obtain Evidence 


Level of Assurance 


Trend analysis is often 
used with other audit 
procedures, as trend 
analysis results in a 
relatively imprecise 
auditor's expectation 
that provides only a 
low level of assurance. 


Ratio analysis 


Ratios are calculated 
based on known 
relationships among 
accounts or nonfinancial 
information and 
compared with the same 
ratio for prior periods or 
with comparable entities. 


Analyzing data at a 
disaggregated level 
(e.g., by segment, 
product, location). 


Ratio analysis is often 
used with other audit 
procedures, as ratio 
analysis results in a 
relatively imprecise 
auditor's expectation 
that provides only a 
low level of assurance. 


Nonstatistical 
predictive 
modeling 


Regression 
analysis 


because it: 


Uses predictive model 
to estimate financial 
statement amount. 


Advanced statistical 
technique that often uses 
data from prior period(s) 
to develop a model to 
predict future periods. 


Creating expectation 
based on simple 
variables. 


Creating expectation 
based on several 
independent variables. 


Regression analysis has several advantages over the other methods discussed in this chart 


e Provides an explicit, mathematically objective, and precise method for forming an expectation. 
e Allows inclusion of a large number of independent variables. 


e Provides direct and quantitative measures of the precision of the expectation. 


May provide a very 
high level of precision 
and may be used as the 
principal substantive 
procedure. 


May provide a very 
high level of precision 
and may be used as the 
principal substantive 
procedure. 


2.2.3 Documentation Requirements 


When an analytical procedure is used as the principal substantive test of a significant financial 
statement assertion, the auditor is required to document: 


= The auditor's expectation. 
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The results of such additional procedures. 


Factors considered in the development of the expectation. 


The results of the comparison of the expectation to recorded amounts. 


Additional audit procedures performed in response to significant unexplained differences. 
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2.2.4 Limitations of Analytical Procedures 


Analytical review comparisons are based on expected plausible relationships among data. 
Differences do not necessarily indicate errors or fraud, but simply indicate the need for further 
investigation. Changes in an account, changes in accounting principle, and inherent differences 
between industry norms and the client all contribute to fluctuations in expected amounts. 


2.2.5 Analytical Procedures Used as an Overall Review 


Analytical procedures are required during the overall review stage of an audit. Generally, a 
manager or partner who has a comprehensive knowledge of the client's business and industry 
reads the financial statements and disclosures and performs this review. 


The purpose of applying analytical procedures during the overall review stage of an audit is to 
evaluate the overall financial statement presentation, to assess the conclusions reached, and to 
assist in forming an opinion on whether the financial statements as a whole are free of material 
misstatement. The auditor should determine whether adequate evidence has been gathered 

in response to unusual or unexpected balances identified during the audit. The auditor may 
also discover additional unusual or unexpected balances, transactions, events, or relationships, 
including fraud risks, during this overall review, and should consider whether additional audit 
procedures are warranted. 


The nature and extent of the analytical procedures performed during the overall review may be 
similar to the analytical procedures performed as risk assessment procedures, including the use of 
audit data analytics. In addition, the auditor may consider updating ratios and data analytics used 
as risk assessment procedures to include the most recent financial statement numbers, especially 
if management has made significant adjustments to the financial statements. The auditor should 
perform analytical procedures relating to revenue through the end of the reporting period. 


2.3. Directional Testing: Existence and Completeness 

Directional testing refers to testing either forward or backward. 

1. Tracing forward from source documents to journal entries provides evidence of completeness. 
2. Vouching backward from journal entries to source documents provides evidence of existence. 


VOUCH 


Testing for existence 
Testing for support 


Vouk 


Financial statements 
Trial balance 
General ledger 
Subsidiary ledger 
Books of original entry 
Source documents 
Execution of event 


Transaction approved 


‘Tesee 
TRACE 


Testing for completeness 
Testing for coverage 
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Many exam questions require the candidate to determine which assertion is being tested 
by a specific audit procedure. Remember that if a test starts with items in the financial 
statements, the proper assertion is most likely to be existence—the auditor searches for 
evidence indicating that the item truly exists and has not been created by management. If 
a test starts with source documents, however, it is most likely related to the completeness 
assertion, because the goal probably is to make sure all transactions (as identified by the 
source documents) have been included in the financial statements. 


The auditor starts 
with the accounts 


Accounting Records 


Balance Sheet [Excerpt] 
As of December 31, Year 2 
Assets 
Cash 
Accounts receivable, less allowance of $15 
Inventory 


Trial Balance [Excerpt] 
December 31, Year 2 
Debit Credit 
Cash $60 
Accounts receivable 95 Vv 
Allowance for doubtful accounts 


General Ledger 
December 31, Year 2 
Date Explanation Debit Credit Balance 
01/01/X2__ Beg. Balance $10 $ 10 
05/10/X2_ See JE No. 1 90 100 
08/10/X2 See JE No. 2 40 140 
See JE No. 3 85 
See JE No. 4 10 95 


Subsidiary Ledger-Accounts Receivable 
As of December 31, Year 2 
Evan Grocery $20 
Jacob Grocery 40 
Noah's Fruit Store _35 
Total $95 


receivable (a/r) 
balance from the 
balance sheet. 


The auditor verifies 
that the total from 
the balance sheet 
agrees to the trial 
balance (net a/r of 
$80 = $95 gross a/r 
— $15 allowance). 


The auditor verifies 
that the total from 
the trial balance 
agrees with the 
ending general 
ledger (g/l) balance. 


The auditor agrees 
the g/l balance 
to the subsidiary 
ledger and then 
examines the source 
documents (sales 


order, shipping 
documentation 
and sales invoice) 
for asample of 
customers from the 
subsidiary ledger. 


Suisa| 9dua}sixy 


Note: If the existence assertion is being tested, then the direction of testing is backward 
(downward). On the exam, the existence assertion does not always have to be from the financial 
statements all the way to the source documents. For example, it may be from the financial 
statements to the general ledger. 
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2.4 External Confirmation 


External confirmation is a form of audit evidence obtained as a direct written response to 
the auditor from a third party, either in paper form or by electronic or other medium. An 
oral response to a confirmation request does not meet the definition of an external confirmation. 
Confirmations usually involve obtaining representations about account balances and 
transactions or events. Confirmations also can be used to confirm the terms of agreements, 
contracts, or transactions between an entity and other parties, or to confirm the absence of 
certain conditions, such as side agreements. 


Ved Pass Key 


The auditor's direct access to information held by a third party meets the definition of 

an external confirmation if the auditor is provided by the third party with electronic 
access codes or information necessary to access a secure website where data is held that 
addresses the subject matter of the confirmation. When access is provided to the auditor 
by management, the evidence obtained by the auditor does not meet the definition of an 
external confirmation. 


2.4.1 Positive Confirmation vs. Negative Confirmation 


A positive confirmation is a request that the confirming party respond directly to the auditor 
by providing the requested information or by stating that the party agrees or disagrees with 
the information in the request. A negative confirmation is a request that the confirming party 
respond directly to the auditor only if the confirming party disagrees with the information in 
the request. 


2.4.2 External Confirmation Procedures 

The auditor should maintain control over external confirmation requests, including: 
= Determining the information to be confirmed or requested. 

= Selecting the appropriate confirming party or parties. 


= Designing the confirmation requests. Factors to be considered when designing confirmation 
requests include: 


e The assertion(s) being addressed 

e Identified risks of material misstatement, including fraud 

e The layout and presentation of the request (e.g. positive or negative) 
e Prior experience on the audit 

e The method of communication (e.g., paper or electronic) 


e Management's authorization or encouragement to the confirming parties to respond to 
the auditor 


e The ability of the confirming party to provide the requested information 


m Sending the requests, including follow-up requests when necessary, to the confirming party 
or parties. 
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2.4.3. Management's Refusal to Allow External Confirmation Procedures 


If management refuses to allow the auditor to perform external confirmation procedures, the 
auditor should evaluate the validity and reasonableness of management's refusal; evaluate the 
effect of the refusal on the risks of material misstatement, including the risk of fraud, and on 
the nature, extent, and timing of other audit procedures; and perform alternative procedures. 
If the auditor determines that management's refusal is unreasonable or the auditor is unable 
to obtain sufficient appropriate evidence from alternative procedures, the auditor should 
communicate with those charged with governance and determine the implications for the 
auditor's opinion. 


2.4.4 Results of External Confirmation Procedures 


= Reliability of Responses to Confirmation Requests 


All confirmation responses carry some risk of interception, alteration, or fraud. If the auditor 
determines that a response to a confirmation request is not reliable, the auditor should 
evaluate the implications on the assessment of the risks of material misstatement, including 
fraud, and on the related nature, extent, and timing of other audit procedures. 


When responses are received electronically, the auditor may address the reliability of 
the responses by directly contacting the confirming party to validate the identity of the 
sender and the accuracy of the information received. An electronic confirmation system 
or a process that creates a secure confirmation environment may mitigate the risks of 
interception or alteration. 


= Confirmation Nonresponses 


A nonresponse is a confirmation request returned undelivered or a failure of the confirming 
party to respond, or fully respond, to a positive confirmation request. The auditor may 

send additional confirmation requests when a previous request has not been received 
within a reasonable time. For each confirmation nonresponse, the auditor should perform 
alternative procedures. 


Anonresponse to a confirmation request may indicate a previously unidentified risk of 
material misstatement. For example, a greater number of nonresponses than expected may 
indicate a previously unidentified fraud risk factor. 


= Oral Responses 


An oral response to a confirmation request does not meet the definition of an external 
confirmation because it is not a direct written response. If the auditor has not concluded 
that a direct written response to a positive confirmation is necessary to obtain sufficient 
appropriate audit evidence, the auditor may take an oral response into consideration when 
designing the alternative audit procedures required to be performed for nonresponses. 


= Exceptions 


An exception is a response that indicates a difference between the information in the 
entity's records and the information provided by the confirming party. All exceptions should 
be investigated to determine whether they are indicative of material misstatement, fraud, or 
deficiencies in internal control over financial reporting. Exceptions that result from timing or 
measurement differences, or clerical errors, do not represent material misstatements. 
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3 sReview of Relevant Assertions 


The main assertions relevant to the audit of account balances, transactions, and the related 
disclosures are outlined below. 


3.1 Account Balances and Related Disclosures (CVERUP) 


When audit procedures relate to asset, liability, and equity account balances, the most relevant 
assertions are: 


= Completeness 


All assets, liabilities, and equity interests that should have been recorded have been 
recorded and all appropriate disclosures have been made. 


= Valuation, Allocation, and Accuracy 


Assets, liabilities, equity interests, and disclosures are recorded fairly and at appropriate 
amounts, and any resulting valuation or allocation adjustments are appropriately recorded 
and disclosed. 


=m Existence and Occurrence 
Assets, liabilities, and equity interests exist. 
= Rights and Obligations 


The entity holds or controls the rights to assets, and liabilities are the obligations of the 
entity and related information has been appropriately disclosed. 


=m Understandability of Presentation and Classification 


Financial information is appropriately presented and described and disclosures are 
clearly expressed. 


Ves Pass Key 


When auditing asset balances, the auditor generally focuses on testing the existence 
assertion (rather than the completeness assertion) because assets are more likely to be 
overstated (existence) than understated (completeness). The auditor generally focuses on 
testing the completeness assertion for liability balances, because liabilities are more likely 
to be understated than overstated. 


3.2. Transactions, Events, and Related Disclosures (COVEUP) 
When testing transactions, the most relevant assertions are: 
= Completeness 


All transactions and events that should have been recorded have been recorded 
and disclosed. 


= Cutoff 


Transactions and events have been recorded in the correct accounting period. 
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= Valuation, Allocation, and Accuracy 


Amounts and other data relating to recorded transactions and events have been recorded 
and disclosed appropriately. 


= Existence and Occurrence 
Transactions and events that have been recorded have occurred and pertain to the entity. 
m Understandability of Presentation and Classification 


Transactions and events have been recorded in the proper accounts, information is 
appropriately presented and described, and disclosures are clearly expressed. 


Ve Pass Key 


When auditing revenue transactions, the auditor generally focuses on testing the 
existence/occurrence assertion (rather than the completeness assertion) because revenues 
are more likely to be overstated (existence) than understated (completeness). The auditor 
generally focuses on testing the completeness assertion for expense transactions, because 
expenses are more likely to be understated than overstated. 


Account balances and disclosures Cc V E R UP 
Transactions, events, and disclosures Cc O V E UP 
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3.3. Matching Auditing Procedures to Specific Assertions 


Aworkable outline for developing an audit plan uses the financial statement assertions approach. 
Although audit procedures for each account balance, transaction, and disclosure vary significantly, 
a generic framework can be developed using the financial statement assertions. Certain audit 
procedures relate specifically to the six main financial statement assertions (COVERUP): 


Assertion Auditing Procedure 


Completeness 


1. 


Tracing of transactions forward, starting from source documents 
through their accounting recognition and ultimately to the 
financial statements. Note that this directional test is the opposite 
of vouching (the directional test for the existence/occurrence 
assertion). 


Analytical review procedures. The auditor should consider how 
certain items might be omitted from the account balance, such as 
unrecorded liabilities or omissions of pledged assets. 


Observation of processes and procedures. 


Cutoff 


Cutoff procedures to analyze transactions before and after year- 
end for proper accounting period recognition. 


Valuation, 
Allocation, 
and Accuracy 


Inspection of documentation supporting transactions. 
Footing and cross-footing of schedules. 


Independent recalculation. Examples would be aging of 
accounts receivable to substantiate the value of the allowance 
account, or the recalculation of depreciation charges. A prime 
area for recalculation are estimates made by the client. 


Reconciliation of supporting schedules to general ledger line 
items. 


Existence and 
Occurrence 


Confirmation of accounts with third parties. 


Observation, inspection, and examination of assets, 
processes, and procedures. (These provide very persuasive forms 
of evidence.) 


Vouching of transactions from financial statements back to 
supporting documents. 


Rights and 
Obligations 


Inspection of documentation supporting transactions, inspection 
of contracts, etc. 


Understandability 
of Presentation 
and Classification 


Inspection of documentation supporting transactions. 
Review of all related disclosures for compliance with GAAP. 


Inquiry of management regarding disclosures for the account 
and for related accounts. 


This basic financial statement assertion outline is by no means a complete audit plan, but it 
provides a good starting point when addressing audit plans for a given account. 
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y / Sampling: Part 1 


1 ‘Introduction 


1.1 Selecting Items for Testing 


Designing substantive procedures and tests of controls includes determining the means of 
selecting items for testing. The following methods can be used: 


1.1.1 Selecting All Items 


Selecting all items in an account or all occurrences of a control may be done when the 
population consists of a small number of high-dollar-value items, the audit procedure can be 
automated and applied to the entire population, or the audit procedure is designed to respond 
to a significant risk and other means of selecting items for testing do not provide sufficient 
appropriate evidence. 


1.1.2 Selecting Specific Items 


Selecting specific items refers to the testing of all items in a population that have a specific 
characteristic, such as testing key items that are important for accomplishing the objective of the 
procedure or exhibit some other characteristic, or testing all items over a certain amount. When 
specific items are selected for testing, the results of the audit procedure cannot be projected to 
the population. 


1.1.3 Audit Sampling 


Audit sampling is the application of an audit procedure to less than 100 percent of the items in 
the account balance or class of transactions for the purpose of evaluating some characteristic 
of the balance or class. Audit sampling is especially useful in cases in which an auditor has no 
special knowledge about likely misstatements contained in account balances and transactions. 


1.2 Audit Sampling Overview 


When auditors sample from a population (universe), the assumption is that the sample is 
representative of the population (i.e., the characteristics of the sample are comparable to the 
characteristics of the population). 


Inherent in audit sampling is the concept of sampling risk. This is the risk that the sample is not 
representative of the population and that the auditor's conclusion will be different from the 
conclusion had the auditor examined 100 percent of the population. 
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Rule 1: Always assume that the population being sampled is normally distributed, that is, it 
can be described by a "normal," or "bell-shaped," curve. 


Rule 2: For the estimates that the CPA makes about the population to have mathematical 
validity, the samples have to be unrestricted and randomly selected, which means that: 


e Every item in a population must have an absolutely equal chance of being selected. 


e The CPA cannot use "bias" in deciding which items will be selected. No substitute items 
may be used. 


Rule 3: If the sample is large enough and is randomly selected, the sample will likely 
have the same statistical characteristics (mean and standard deviation) as the underlying 
population; that is, it will be representative of the population. 


Rule 4: Standard deviation is a measure of "variability," which refers to the range of values 
within the population. 


1.3. Sampling Methods 


Audit sampling methods can be either statistical or nonstatistical. Both approaches require the 
use of professional judgment. 
1. Statistical Sampling 


In statistical sampling, auditors specify the sampling risk they are willing to accept and then 
calculate the sample size that provides that degree of reliability. Results are evaluated 
quantitatively. 


2. Nonstatistical Sampling 


In nonstatistical sampling, the sample size is not determined mathematically. Auditors use their 
judgment in determining sample size, and sample results are evaluated using auditor judgment. 


1.4 Sufficient Audit Evidence 


Either a statistical or a nonstatistical approach is acceptable under generally accepted auditing 
standards. When properly applied, either method should result in a sample size that provides 
sufficient audit evidence. 


=m The sufficiency of audit evidence is related to the design and size of the sample. 


=m The size of asample depends on the objectives and the design of the sample. Careful design 
generally produces a more efficient sample (i.e., one that achieves its objectives with a 
smaller sample size). 


1.5 Professional Judgment 


Although statistical sampling aids the auditor in quantitative ways, it is not a substitute for 
professional judgment. The auditor must exercise professional judgment in both statistical and 
nonstatistical sampling to: 


1. identify the population and the sampling unit; 


2. select the appropriate sampling method; 
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evaluate the appropriateness of audit evidence; 
evaluate the nature of deviations or errors; 


consider sampling risk; and 


au PF WwW 


evaluate the results obtained from the sample and project those results to the population. 


Va Pass Key 


Many questions try to trick the candidate into thinking that statistical sampling eliminates 
the need for auditing judgment. This is completely false. Although statistical sampling is a 
quantitative approach, judgment is required to set many of the parameters and to evaluate 
the overall results. 


1.6 Statistical Sampling 


1.6.1 Advantages of Statistical Sampling 

Statistical sampling enables the auditor to: 

=m Measure the sufficiency of the audit evidence obtained. 

= Provide an objective basis for quantitatively evaluating sample results. 
= Design an efficient sample. 
. 


Quantify sampling risk to limit risk to an acceptable level. 


1.6.2 Random Sample Selection 
Random sample selection methods should be used in statistical sampling. Such methods give all 
items in the population an equal chance to be included in the sample to be audited. 


1.7. Use of Sampling 
1.7.1 Types of Sampling 


Auditors may use sampling procedures to estimate many different characteristics of 
populations, but generally estimates are either of a rate of occurrence (attribute sampling) or of 
a numerical quantity (variables sampling or probability-proportional-to-size [PPS] sampling). 


= Attribute sampling is primarily used for testing controls. 


= Variables sampling and PPS sampling are typically used in substantive testing of 
account balances. 


Pass Key 


Remember that attribute sampling is more likely to deal with tests of controls, and 
variables sampling generally deals with dollar values. Often the attribute sampling 
application can be identified by finding the option that deals with yes-or-no questions (e.g., 
is the invoice properly approved?). 
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1.7.2 Situations in Which Sampling May Not Apply 
Sampling concepts generally do not apply to: 


=m Risk assessment procedures performed to obtain an understanding of the system of 
internal control. 


= Tests of automated information processing controls when effective general IT controls are 
present. (Generally, such controls would only be tested once or a few times.) 


= Analyses of security and access controls, or other controls that do not provide documentary 
evidence of performance (e.g., controls related to segregation of duties). 


= Some tests related to the operation of the control environment or the accounting system (e.g., 
examination of the effectiveness of activities performed by those charged with governance). 


2 Uncertainty and Audit Sampling 


2.1 Audit Risk 


Audit risk is the uncertainty inherent in applying audit procedures. Audit risk includes both: 
1. uncertainties due to sampling; and 
2. uncertainties due to factors other than sampling. 


2.2 Sampling Risk 


Sampling risk arises from the possibility that, when a test of controls or a substantive test is restricted 
to asample, the auditor's conclusions may be different from the conclusions that would have been 
reached had the tests been applied to all items in the account balance or class of transactions. 


2.2.1 Sampling Risks in Substantive Testing 
In performing substantive tests of details, the auditor is concerned with two aspects of sampling risk. 


1. Risk of Incorrect Acceptance: The risk of incorrect acceptance is the risk that the sample 
supports the conclusion that the recorded account balance is not materially misstated 
when in fact it is materially misstated (i.e., sample results fail to identify an existing 
material misstatement). 


2. Risk of Incorrect Rejection: The risk of incorrect rejection is the risk that the sample supports 
the conclusion that the recorded account balance is materially misstated when in fact it is not 
materially misstated (i.e., sample results mistakenly indicate a material misstatement). 


An auditor was testing the existence accounts receivable through confirmation. Based 
on the results of the confirmations received, the auditor concluded that the accounts 
receivable balance was materially correct and issued an unmodified opinion. 


However, if the auditor tested the entire accounts receivable balance, the auditor would 
have concluded that the balance was materially misstated. 


This scenario represents risk of incorrect acceptance. When an auditor samples a population, 
there is always the risk that the sample may not represent the population. This is what 
occurred. The sample showed that the accounts receivable balance was not misstated. 
However, the actual account balance of accounts receivable was misstated. 
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2.2.2 Sampling Risks in Tests of Controls 


In performing tests of controls, the auditor is also concerned with two aspects of sampling risk: 


1. 


Risk of Assessing Control Risk Too Low 


The risk of assessing control risk too low is the risk that the assessed level of control risk 
based on the sample is less than the true risk based on the actual operating effectiveness 
of the control (i.e., sample results indicate a lower deviation rate than actually exists in 
the population). 


Risk of Assessing Control Risk Too High 


The risk of assessing control risk too high is the risk that the assessed level of control 
risk based on the sample is greater than the true risk based on the actual operating 
effectiveness of the control (i.e., sample results indicate a greater deviation rate than 
actually exists in the population). 


An auditor is sampling controls for cash disbursements for Year 2. The auditor decides to 
test the operating effectiveness of a control that requires checks greater than $10,000 to 
have a signature from both the chief executive officer and the treasury manager. 


One hundred checks written in Year 2 had an amount greater than $10,000. The auditor 
selected 10 of those checks. All 10 of those checks had the required signatures. Therefore, 
the auditor concluded that the control was operating effectively and assessed the control 
risk as low. The auditor then planned to obtain less persuasive evidence for substantive 
testing (e.g., decrease sample size.) 


However, if the auditor had reviewed the remaining 90 checks, the auditor would have seen 
that 89 of the 90 checks had only one signature. The auditor would have concluded that the 
control was not operating effectively and assessed control risk as high. 


This scenario represents risk of assessing control risk too low. The sample showed that 
the control was operating effectively when, in fact, it was not. In other words, the sample 
indicated a lower deviation rate (0 percent) than the actual deviation rate (89 percent) in 
the population. 


Das Pass Key 
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Sampling risk can be thought of as the chance that, based on the results of a sample, the 
auditor will make a mistake. There are two primary mistakes the auditor can make: the 
auditor may fail to identify an existing problem (incorrect acceptance and assessing control 
risk too low), or the auditor may falsely identify a problem where none actually exists 
(incorrect rejection or assessing control risk too high). 
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2.2.3 Efficiency 


The risk of incorrect rejection and the risk of assessing control risk too high relate to the 
efficiency of the audit (the auditor does more audit work than is necessary). When the auditor's 
evaluation of an audit sample leads the auditor to this erroneous conclusion, the application 
of additional audit procedures and consideration of other audit evidence ordinarily leads the 
auditor to the correct conclusion. 


2.2.4 Effectiveness 


The risk of incorrect acceptance and the risk of assessing control risk too low relate to the 
effectiveness of an audit in (possibly not) detecting an existing material misstatement. Auditors 
usually accept a risk of 5 or 10 percent. A related concept is that of confidence level (also called 
reliability). The auditor is 95 percent (or 90 percent) confident that the sample is representative 
of the population. (Note: Risk [of being ineffective] + Confidence level = 100 percent.) 


2.2.5 Summary Charts 


The following two charts summarize the possible outcomes. 


Substantive Tests of Details 


The recorded value of the population is: 
OK Not OK 


e Incorrect decision 


e Risk of incorrect 


OK e Correct decision 
acceptance 


The sample indicates 
that the population is: 


Not effective 


Not OK 


e Incorrect decision 


e Risk of incorrect 
rejection 


e Not efficient 


Correct decision 


Tests of Controls 


The true operation of the control is: 


OK 


Not OK 


Incorrect decision 


Risk of assessing control 


control risk too high 


e Not efficient 


OK e Correct decision : 
risk too low 
The sample indicates Not effective 
that the control's — 
operation is: e Incorrect decision 
Not OK * Risk of assessing Correct decision 
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2.3. Nonsampling Risk 


Nonsampling risk includes all aspects of audit risk that are not due to sampling. Nonsampling 
risk is always present and cannot be measured; the auditor can only attempt to reduce this risk 
to a very low level through adequate planning and supervision of the audit engagement and 
quality control of all firm practices. Examples of nonsampling risk are selecting audit procedures 
that are not appropriate to achieve a specific objective, and failure by the auditor to recognize 
misstatements in documents examined. 


3 Sampling in Tests of Controls: Attribute Sampling 


3.1. Purpose 


Attribute sampling is a statistical sampling method used to estimate the rate (percentage) 

of occurrence (exception) of a specific characteristic (attribute). Samples taken to test the 
operating effectiveness of controls are intended to provide a basis for the auditor to conclude 
whether the controls are being applied as prescribed. Attribute sampling generally deals with 
yes-or-no questions. For example, "Are time cards properly authorized (i.e., to assure recorded 
hours were worked)?" or, "Are invoices properly voided (e.g., stamped "paid") to prevent 
duplicate payments?" 


3.2 Planning Considerations 


When planning a particular audit sample for tests of controls, the auditor applies professional 
judgment in considering: 


= The relationship of the sample to the objective of the test of controls. 
= The tolerable deviation rate. 


e The tolerable deviation rate is the maximum rate of deviation from a prescribed 
procedure the auditor will tolerate without modifying planned reliance on a control. 


e In assessing the tolerable rate of deviation, the auditor should consider that although 
deviations from pertinent controls increase the risk of material misstatements in the 
accounting records, such deviations do not necessarily result in misstatements. 


=m The auditor's allowable risk of assessing control risk too low. 


= Characteristics of the population (i.e., the expected or likely rate of deviation). 
3.3. Deviation Rate vs. Tolerable Rate 


3.3.1 Deviation Rate 


The deviation rate in the sample is the auditor's best estimate of the deviation rate in the 
population from which it was selected. 
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Students often mistakenly assume that the sample deviation rate also should be used as 
the estimated error rate in the total population. Consider the following example: Assume 
a population of 1,000 items, a sample of 100 items, and 7 deviations identified within the 
sample of 100 (a 7 percent sample deviation rate). While our best guess would be that 
there are 70 deviations in the entire population (also a 7 percent rate), it is unlikely that, 
if we were to individually examine each of those 1,000 items, we would find exactly 70 
deviations. More likely, we might find 68, 69, 71, or 72 deviations. There are statistical 
formulae that determine whether the actual range is 68 to 72, 60 to 80, or something 
different, and there are tables available that provide the top end of the range. (As 
conservative auditors, we are concerned with the worst-case scenario, so we generally do 
not bother with the low end of the range.) The top end of the range is formally known as 
the "upper deviation rate." 


3.3.2 Evaluation 


If the estimated deviation rate is less than the tolerable rate for the population, the auditor 
should consider the risk that such a result might be obtained even though the true deviation 
rate for the population exceeds the tolerable rate for the population. 


For example, assume that the tolerable rate for a population is 5 percent and the sample 
consists of 60 items: 


= If no deviations are found in the sample of 60 items, the auditor may conclude that there is 
an acceptably low sampling risk that the true deviation rate in the population exceeds the 
tolerable rate of 5 percent. (This is because the sample deviation rate is much less than the 
tolerable rate.) 


m= Ifthe sample includes two or more deviations (2 in 60 = 3.33 percent), the auditor may 
conclude that there is an unacceptably high sampling risk that the rate of deviations in the 
population exceeds the tolerable rate of 5 percent. (This is because the sample deviation 
rate is close to the tolerable rate.) 


= The auditor applies professional judgment in making such evaluations. 


3.3.3. Conclusion 


If the auditor concludes that the sample results do not support the planned assessed level of 
control risk for an assertion, the nature, extent, and timing of substantive procedures should 
be reevaluated based on a revised consideration of the assessed level of control risk for the 
relevant financial statement assertions. 


3.4 Attribute Sampling Example 
The auditor performs the following steps when conducting an attribute sampling application. 


1. Define the Objective of the Test 


Assume that the auditor wants to determine the percentage of sales orders that are missing 
credit approval. 
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2. Identify the Population 


The population must be appropriate for the objective. The period covered by the test should 
also be defined. 


e In this example, the population would consist of all sales orders used during the year. 


e If tests of controls are performed at an interim date, the auditor must perform such 
additional procedures as are necessary to obtain reasonable assurance regarding the 
remaining period. 


3. Define the Sampling Unit 
Consider the completeness of the population in defining the sampling unit. 
e Each sales order is a sampling unit. 


e The "population" must agree with the "physical representation." Completeness would 
be more assured by a register of prenumbered sales orders than by the physical file. 
For example, sales orders may be removed from the file, but the sales order number 
will be in the register. Note that the size of a population of consecutively numbered 
documents is the difference between the beginning and ending numbers plus one. 


4. Define the Attributes of Interest 
Deviations are situations in which the control was not properly applied, such as: 
e Missing credit approval 


e Missing sales order (items that cannot be located are generally considered deviations) 


5. Determine the Sample Size 
The auditor must specify the following factors. 
e Risk of Assessing Control Risk Too Low 


This is the risk that the assessed level of control risk based on the sample is less than 
the true level of control risk based on the actual operating effectiveness of the control. 
There is an inverse relationship to sample size: As the auditor is willing to accept greater 
risk, a smaller sample size can be used. 


e Tolerable Deviation Rate 


This is the maximum rate of error the auditor is willing to accept without changing 
control risk assessment or planned reliance on internal control. There is an inverse 
relationship to sample size: As the auditor is willing to accept a greater deviation rate, a 
smaller sample size can be used. 


e Expected Deviation Rate 


This is the auditor's best estimate of the rate of deviation from a prescribed control 
procedure. There is a direct relationship to sample size: As the auditor expects fewer 
deviations, a smaller sample size would be needed. 


e Population Size 


Population size is not an issue provided the population is large (i.e., greater than 
5,000 items). 
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Example 1 Calculating Sample Size 


Facts: Assume that an auditor is testing the sales orders for credit approval deviations. Also 
assume that the auditor is willing to accept a 5 percent risk of assessing control risk too 
low. The auditor expects a deviation rate of 1 percent, and the tolerable deviation rate is 

6 percent. 


Required: 
1. Determine the sample size using Table 1, which follows. 


2. Would the sample size increase or decrease if the expected deviation rate decreased to 
0 percent? 


3. Would the sample size increase or decrease if the tolerable deviation rate increased to 
7 percent? 


4. Would the sample size increase or decrease if the risk of assessing control risk too low 
increased to 10 percent? 


Table 1: Attribute Sample Size Table 
5% Risk of Assessing Control Risk Too Low 


Expected Tolerable Rate 
ee 
hak 2% | 3% | 4% | 5% | 6% | 7% | 8% | 9% | 10% | 15% | 20% 
0.00% | 149 | 99 | 74 | 59 | 49 | a2 | 36 | 32 | 29 | 19 | 14 
0.50 * [1571117 | 93 | 78 | 6 | 58 151 | 46 | 30 | 22 
1.00 * 156 | 93 | 78 | 6 | 58 151 | 46 | 30 | 22 
1.50 * | * [492 |124 | 103 | 6 | 58 | 51 | 46 | 30 | 22 
2.00 * | * | * | 481 | 127 | 88 | 77 | 68 | 46 | 30 | 22 
3.00 * [|-* | * | * |195 [129 | 95 | 84 | 61 | 30 | 22 
4.00 * | * | * | * | * | * | 446 | 100 | 89 | 40 | 22 
Solution: 


1. The sample size is 78. 

2. The sample size would decrease. 
3. The sample size would decrease. 
4 


The sample size would decrease. 
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6. Select the Sample 


e The most common technique is random selection, whereby each item in the population 
has an equal opportunity to be included in the sample. 


e Systematic selection (i.e., every "nth" item) is also acceptable, but a disadvantage is that 
results may be skewed if errors occur in a systematic pattern. 


e Block (cluster) sampling, where groups of adjacent items are selected, is not acceptable. 


7. Evaluate the Sample Results 


The auditor calculates the sample deviation rate and projects the results to the population. 
Table 2, which follows, is used to determine the upper deviation rate, which is based on the 
deviation rate in the sample plus an allowance for sampling risk. 


e Besure to use a table that corresponds to the appropriate risk of assessing control risk 
too low (in this case, 5 percent). 


e Locate the sample size and the number of deviations found in the sample. The number 
at this intersection is the auditor's estimate of the maximum deviation rate in the 
population, or the upper deviation rate. 


e The upper (maximum) deviation rate is the sum of the sample deviation rate and 
the allowance for sampling risk. This allowance is a "cushion" for protection against 
undetected deviations. 


Sample deviation rate + Allowance for sampling risk = Upper deviation rate 


WA Pass Key 


Students often have trouble with the concepts of upper deviation rate and allowance for 
sampling risk, both of which have been tested on the exam. The allowance for sampling 
risk recognizes that it is likely that what we found in the sample isn't exactly what we 
would find in the population. Assume a population of 1,000 items, a sample of 100 items, 
and a sample deviation rate of 4 percent (4 deviations out of 100). If the upper deviation 
rate (from a table) is 8.5 percent, this implies a 4.5 percent allowance for sampling risk. 
Conversely, should the examiners provide the allowance for sampling risk (say, 3.6 
percent), it would be added to the sample deviation rate (4 percent) to find an upper 
deviation rate of 7.6 percent. 
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Example 2 Evaluation of Sample Results 


Facts: Assume that the auditor finds one sales order that is missing the proper credit 
approval in a sample of 100 sales orders (i.e., one deviation). 


Required: 

1. Calculate the sample deviation rate. 

2. Determine the upper deviation rate using Table 2, which follows. 
3. What is the allowance for sampling risk? 
4 


Conclusion: The auditor is ____—»% sure the deviation rate does notexceed ss %. 
5% Risk of Assessing Control Risk Too Low 
Sample Actual Number of Deviations Found 
Size 0 1 2 3 4 5 6 7 8 9 10 
25 11.3 | 17.6 * i * * * * * * * 
50 59 9.2 | 12.1 | 14.8 | 17.4 | 19.9 7 * * i * 
60 4.9 7.7 | 10.2 | 12.5 | 14.7 | 16.8 | 18.8 i * * 7 
70 4.2 6.6 8.8 | 10.8 | 12.6 | 14.5 | 16.3 | 18.0 | 19.7 * * 
75 3.9 6.2 8.2 | 10.1 | 11.8 | 13.6 | 15.2 | 16.9 | 18.5 | 20.0 7 
100 3.0 4.7 6.2 7.6 9.0 | 10.3 | 11.5 | 12.8 | 14.0 | 15.2 | 16.4 
125 2.4 3.8 5.0 6.1 7.2 8.3 9.3 | 10.3 | 11.3 | 12.3 | 13.2 
150 2.0 3.2 4,2 5.1 6.0 6.9 7.8 8.6 9.5 10.3 | 11.1 
Solution: 


1. The sample deviation rate is 1%. 

2. The upper deviation rate is 4.7% 

3. The allowance for sample risk is 3.7% (4.7% — 1%). 

4. The auditor is 95% sure the deviation rate does not exceed 4.7%. 


8. Form Conclusions About the Internal Control Tested 


e — If the upper deviation rate is less than or equal to the auditor's tolerable deviation rate, 
the auditor may rely on the control (assuming the results of other audit tests do not 
contradict such results). 


e — If the upper deviation rate exceeds the auditor's tolerable deviation rate, the auditor 
would not rely on the control. Instead, the auditor would either: 


1. select and test compliance with some other identified control; or 


2. modify the nature, extent, or timing of related substantive tests to reflect the 
reduced reliance. 


e If the sample is representative of the population, the auditor will generally make a 
correct decision regarding whether or not the control is operating effectively. 


e If the sample is not representative of the population, the auditor will make an incorrect 
decision, either relying on a control that is not reliable, or not relying on a control that 
is reliable. 
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Example 3 Forming Conclusions on a Control 


Facts: Assume that the upper deviation rate has been determined to be 4.7 percent. 
Required: 

1. Ifthe tolerable rate is 3 percent, would the auditor rely on the control? 

2. If the tolerable rate is 6 percent would the auditor rely on the control? 


Solution: 
1. No.4.7>3 
2. Yes. 4.7 <6 


Ve Pass Key 


The examiners sometimes try to trick candidates into using the sample deviation rate 
(instead of the upper deviation rate) in drawing conclusions about a population. In keeping 
with the concept of conservatism, auditors must consider the worst-case scenario, or the 
high end of the range, in evaluating a population. It is therefore the upper deviation rate 
(and not the rate found in the sample) that is compared with the tolerable rate in 
developing conclusions. 


$0: 


Document the Sampling Procedure 


Remember that as with all audit procedures, the auditor must document each step in audit 
sampling, starting with planning and including the rationale for the auditor's parameters, 
the performance of procedures, the observed results, and the evaluation and interpretation 
of those results. 


4 Other Attribute Sampling Models 


4.1 Discovery Sampling 


Discovery sampling is a special type of attribute sampling appropriate when the auditor believes 
that the population deviation rate is zero or near zero. It is used when the auditor is looking 

for avery critical characteristic (e.g., fraud). The auditor predetermines the desired reliability 
(confidence) level (e.g., 95 percent) and the maximum acceptable tolerable rate (e.g., 1 percent), 
and a table is then used to determine sample size. 


If no deviations are found in the sample, the auditor can be 95 percent certain that the rate 

of deviation in the population does not exceed 1 percent. If deviations are found, a regular 
attribute sampling table may be used to estimate the deviation rate in the population, and audit 
procedures may need to be expanded. 


4.2 Stop-or-Go Sampling 


Stop-or-go sampling (sequential sampling) is designed to avoid oversampling for attributes by 
allowing the auditor to stop an audit test before completing all steps. It is used when few errors 
are expected in the population. 
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NOTES 
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8 Sampling: Part 2 


1. Sampling in Substantive Tests: Variables Sampling 


1.1. Purpose 


Variables sampling is a statistical sampling method used to estimate the numerical measurement 
of a population, such as a dollar value (e.g., accounts receivable balance). This sampling method 
is used primarily in substantive testing. The objective of variables sampling is to obtain evidence 
about the reasonableness of monetary amounts. The auditor estimates the true value of the 
population by computing a point estimate of the population and computing a precision interval 
around this point estimate. 


1.2 Planning Considerations 


When planning a particular sample for a substantive test of details, the auditor should consider: 
1. The relationship of the sample to the relevant audit objective. 
2. Preliminary estimates of materiality levels. 


Tolerable misstatement is the maximum monetary misstatement in the related account 
balance or class of transactions that the auditor is willing to accept. 


Wz Pass Key 


Tolerable misstatement is the application of performance materiality to a particular 
sampling procedure. Tolerable misstatement may be the same as performance materiality, 
or it may be an amount smaller than performance materiality if, for example, the 
population from which the sample is selected is smaller than the total account balance. 


3. The auditor's allowable risk of incorrect acceptance. 
The audit risk model may be useful in establishing the allowable risk of incorrect acceptance. 
4. Characteristics of the population. 


1.3. Sample Selection Considerations 


The auditor uses professional judgment to determine which items should be subject to 
sampling. Certain items may be individually examined, such as those for which potential 
misstatements could individually exceed tolerable misstatement. All (100 percent) of such items 
are examined and they are not considered to be part of the sample. 


Items subject to sampling may also be separated into relatively homogeneous groups. Each 
group is treated as a separate population. This technique, known as stratification, generally 
results in a reduced sample size. Stratification is commonly used when a population has highly 
variable recorded amounts. 
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a Pass Key 


When stratification is used, each group is treated as a separate population. For example, 
assume that 1,000 items are stratified into two groups: The 100 largest items will all be 
examined individually, but sampling techniques will be applied to the remaining 900 items. 
In this case, the population size for the sampling application would be 900, not 1,000. 


1.4 Projected Misstatement vs. Tolerable Misstatement 


1.4.1 Projected Misstatement 


Upon completion of the sampling procedures, the auditor projects the misstatement results of 
the sample to the items in the population. 


1.4.2 Evaluation 


= Ifthe total projected misstatement is less than the tolerable misstatement for the account 
balance or class of transactions, the auditor should consider the risk that such a result 
might be obtained even though the true monetary misstatement for the population exceeds 
tolerable misstatement. 


= For example, assume that the tolerable misstatement in an account balance of $1 million 
is $50,000: 


e If the total projected misstatement (based on the sample) is $10,000, the auditor may 
be reasonably assured that there is an acceptably low sampling risk that the true 
monetary misstatement for the population exceeds the tolerable misstatement of 
$50,000. (This is because $10,000 is significantly less than $50,000.) 


e If the total projected misstatement is close to the tolerable misstatement, the auditor 
may conclude that there is an unacceptably high risk that the actual error in the 
population exceeds the tolerable misstatement. 


e The auditor uses professional judgment in making such evaluations. 


1.4.3. Conclusion 


Projected misstatement results for all audit sampling applications and all known misstatements 
from nonsampling applications should be considered in the aggregate along with other audit 
evidence when the auditor evaluates whether the financial statements taken as a whole may be 
materially misstated. 


1.5. Variables Sampling Plans 


Classical variables sampling measures sampling risk by using the variation of the underlying 
characteristic of interest. There are three commonly used classical variables sampling plans. 


1.5.1 Mean-per-Unit Estimation 


Mean-per-unit (MPU) estimation is a sampling plan that uses the average value of the items in the 
sample to estimate the true population value (i.e., Estimate = Average sample value x Number 
of items in population). MPU does not require the book value of the population to estimate true 
population value. 
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1.5.2 Ratio Estimation 


Ratio estimation is a sampling plan that uses the ratio of the audited (correct) values of items to their 
book values to project the true population value. Ratio estimation is a highly efficient technique 
when the calculated audit amounts are approximately proportional to the client's book amounts. 


1.5.3 Difference Estimation 


Difference estimation is a sampling plan that uses the average difference between the audited (correct) 
values of items and their book values to project the actual population value. Difference estimation is 
used instead of ratio estimation when the differences are not nearly proportional to book values. 


1.5.4 Comparison of Methods 


m MPUis very sensitive to the variability of the population. For that reason, when using MPU, 
auditors normally stratify (or divide) the population into relatively similar groups. The 
purpose of such stratification is to reduce sample size. 


= The ratio and difference methods usually require smaller sample sizes than the MPU 
method; however, they are only effective when the auditor expects large numbers of over- 
and understatements. 


=m All three methods use the same sample size formulas and evaluation formulas. The sample 
size for the three methods varies because the standard deviations of the populations are 
calculated differently for each of the three methods. 


1.6 Variables Sampling Example 
The auditor must perform the following steps when conducting a variables sampling application. 


1. Define the Objective of the Test 


Assume that the auditor wishes to estimate the value of an account balance (e.g., the client's 
accounts receivable balance). 


2. Identify the Population 


It must be appropriate for the objective. Individually significant items should be identified 
for possible stratification. 


e  Inthis example, the population might consist of 5,000 accounts with a recorded book 
value of $4,500,000. 


e The auditor would examine 100 percent of accounts for which potential errors could 
equal or exceed the tolerable error and would exclude those accounts from the 
population to be sampled. 


3. Define the Sampling Unit 
Consider the completeness of the population in defining the sampling unit. 
e In this case, each of the 5,000 accounts is a sampling unit. 


4. Determine the Sample Size 


e The auditor uses the following parameters, in conjunction with tables or formulas, to 
determine sample size. 


—Tolerable misstatement 
— Expected misstatement (size, frequency, etc.) 


—Acceptable level of risk: audit risk, risk of incorrect acceptance, and risk of incorrect 
rejection 


© Becker Professional Education Corporation. All rights reserved. Module 8 A3-95 


Sampling: Part 2 AUD 3 


— Characteristics of the population (e.g., an estimate of the standard deviation, or 
variability, of the population) 


—Assessed risk: assessed risk of material misstatement (inherent risk and control risk) 
and assessed risk for other substantive procedures related to the same assertion 


e Sample size will increase as the following increase (direct relationship): 
— Expected misstatement 
— Standard deviation (population variability) 
—Assessed level of risk 

e Sample size will decrease as the following increase (inverse relationship): 
—Tolerable misstatement 
— Acceptable level of risk 


5. Select the Sample 


e Sample items should be selected in such a way that the sample can be expected to be 
representative of the population (e.g., random sampling). 


e — Inthis example, an appropriate sample would consist of individual account balances. 
Confirmations could then be used to determine the audited values for sample items. 


6. Evaluate the Sample Results 


The auditor projects the misstatements found in the sample to the population using one of 
several methods (e.g., MPU, ratio, difference, etc.). The projected misstatement is applied to 
the recorded balance to obtain a "point estimate" of the true balance. As shown below, the 

different methods result in different projected misstatements. 


The auditor must then add an allowance for sampling risk (sometimes called a "precision 
interval") to the point estimate. 


Example 1 Sample Evaluation 


Facts: Assume that from the population of 5,000 accounts with a total value of $4,500,000, 
the auditor selects a sample of 200 accounts with a book value of $184,200. The audited 
value of these accounts based on confirmation results is $175,000, with an average value of 
$875 ($175,000 / 200) per account. 


Required: Determine the point estimate using mean-per-unit estimation, ratio estimation, 
and difference estimation. 


Solution: 
Mean-per-unit estimation: 
$875 average value x 5,000 accounts = $4,375,000 point estimate 


Ratio estimation: 
$175,000 audited value 
$184,200 book value 


x $4,500,000 = $4,275,244 point estimate 


Difference estimation: 
$184,200 book value — $175,000 audited value 
200 


x 5,000 = $230,000 projected error 
$4,500,000 - $230,000 


$4,270,000 point estimate 
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7. Form Conclusions About the Balances (or Transactions) Tested 


e In deciding whether to accept the client's book value, the auditor determines whether 
the recorded book value falls within the acceptable range (i.e., the point estimate +/- 
the allowance for sampling risk). If so, the book value is fairly stated. 


e The auditor's treatment of items selected for sampling that cannot be located (e.g., are 
"lost") will depend on their effect on the auditor's evaluation of the sample. 


—If considering the missing items to be misstated would not alter the auditor's 
evaluation of the sample results, it is not necessary to examine the items. 


—If considering the missing items to be misstated would lead to the conclusion that 
the balance or class contains a material misstatement, the auditor should consider 
alternative procedures. 


e If the sample is representative of the population, the auditor generally will make a 
correct decision regarding whether the account balance is fairly stated. 


e If the sample is not representative of the population, the auditor will make an 
incorrect decision, either accepting a materially misstated balance, or rejecting a 
fairly stated balance. 


8. Document the Sampling Procedure 


Remember that as with all audit procedures, the auditor must document each step in audit 
sampling, starting with planning and including the rationale for the auditor's parameters, 
the performance of procedures, the observed results, and the evaluation and interpretation 
of those results. 


9. Additional Considerations When Using Audit Data Analytics (ADAs) 


When an auditor uses an ADA technique when performing tests of details, the auditor 
should select an ADA technique that best fits the intended purpose and objectives of the 
procedure as well as select the techniques, tools, graphics, and tables that will be used to 
evaluate the results. 


After performing the ADA procedure, the auditor should group the data for items that have 
common characteristics (when appropriate). For each group, the auditor should determine 
which data: 


e Do not contain misstatements (also known as false positives) 
e Contain possible misstatements that are clearly inconsequential (in aggregate) 
e Contain possible misstatements that are not clearly inconsequential (in aggregate) 


For groups that contain possible misstatements that are not clearly inconsequential (in 
aggregate), the auditor should perform further analysis to determine whether these items 
represent actual misstatements. 
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2 Sampling in Substantive Tests: 
Probability-Proportional-to-Size (PPS) Sampling 


2.1 PPS Sampling 


PPS sampling is a technique in which the sampling unit is defined as an individual dollar in a 
population. Once a dollar is selected, the entire account (containing that dollar) is audited. PPS 
sampling is considered to be a hybrid method, because it uses attribute sampling theory to 
express a conclusion in dollar amounts rather than as a rate of occurrence. 


2.1.1 Advantages of PPS Sampling 


m= PPS automatically emphasizes larger items by stratifying the sample. The chance of an item 
being selected is proportionate to its dollar amount. 


= If no errors are expected, PPS sampling generally requires a smaller sample than 
other methods. 


2.1.2 Disadvantages of PPS Sampling 
A disadvantage of PPS sampling is that zero balances, negative balances, and understated 
balances generally require special design considerations. 


2.2 PPS Sample Size Determination 


The auditor selects a PPS sample by dividing the total number of dollars in the population (book 
value) into uniform groups of dollars or intervals. The auditor then selects a logical unit (the 
balance that includes the selected dollar) from each sampling interval. 


The sampling interval is determined as follows: 


Tolerable misstatement 


Sampling interval = 
fate Reliability factor 


The sample size is determined as follows: 


Recorded amount of the population 


Sample size = — 
Sampling interval 


= Tolerable misstatement is the maximum dollar error that may exist in the account without 
causing the financial statements to be materially misstated. 


= Reliability factors correspond to the risk of incorrect acceptance and are generally obtained 
from a table. 


= The above formula assumes that the auditor's expected misstatement is zero. Otherwise, a 
more complex version of the formula is required. 
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With zero expected errors, the reliability factors are as follows: 


Risk of Incorrect Acceptance Reliability Factor 
1% 4.6 
5% EO) 
10% 2.3 


Assume that the auditor assesses tolerable misstatement at $15,000 and the risk of incorrect 
acceptance at 5 percent. The recorded amount (book value) of the population is $500,000. 


Sampling interval = $15,000/3 = $5,000 
Sample size = $500,000/$5,000 = 100 


2.3. Sample Selection 


A random number between 1 and the sampling interval (inclusive) is selected. This number is the 
random start, and it will also determine the first item selected. Systematic selection is then used 
to select the remainder of the sample. The recorded amounts of the logical units (e.g., account 
balances) throughout the population are added and individual dollars are selected based on the 
interval. Once a dollar in an account is selected, that entire account will be audited. 


Assume that the random start is 300 and the sampling interval is 5,000. Every 5,000th dollar 
will be selected, so the auditor will select the accounts that contain dollars 300; 5,300; 
10,300; 15,300; 20,300; 25,300; etc. 


Customer Account Book Value Cumulative Total 
1 $ 150 $ 150 
2, 800 950* 
8 1,400 2,350 
4 4,350 67.00% 
5 2,300 9,000 
6 4,900 13,900* 
7 8,500 22,400* 
8 990 23,390 
9 1,000 24,390 
10 1,500 25,890* 
etc. etc. 
900 $1,000 $500,000 


* Accounts including the selected dollars would be included in the sample. 


Note: Using this methodology, all account balances greater than the interval are 
automatically selected. 
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2.4 Evaluation of Sample Results 


If no errors are found in the sample, the error projection is zero and the allowance for sampling 
risk would not exceed the auditor's tolerable error. As a result, the auditor would generally 
conclude that the recorded balance is fairly stated. 


If, on the other hand, errors are found in an account, the errors need to be projected to the 
interval as illustrated below. 


If the account selected has a balance greater than the interval, the actual dollar amount of the 
error should be used. 


"A" Recorded) "B" Audit Tainting Sample _ | Projected 
Amount Amount Interval Error 

$ 800 $ 600 $ 200 $ 800 25% $5,000 $1,250 
4,350 4,350 4,350 0% 5,000 0 
4,900 0 4,900 4,900 100% 5,000 5,000 
8,500 6,900 1,600 N/A 1,600 
1,500 1,200 300 1,500 20% 5,000 1,000 
Projected Error $8,850 


Note: As with other variables sampling plans, an allowance for sampling risk would be 
calculated and added to the projected error, and the result would be compared with the 
tolerable misstatement. 


3  §©Qualitative Considerations 


For all types of sampling, the auditor should consider qualitative aspects of deviations. These include: 


= Nature and Cause of Deviations: Deviations may be caused by errors, which are 
unintentional, or fraud, which is intentional. 


= Possible Relationship of Deviations to Other Phases of the Audit: The discovery of fraud 
ordinarily requires a broader consideration of possible implications than does the discovery 
of an error. 


4 Dual-Purpose Samples 


In some instances, the auditor may use the same sample to perform both tests of controls and 
tests of details. Dual-purpose samples are generally used only when the auditor believes that 
there is an acceptably low risk that the deviation rate in the population exceeds the tolerable 
rate. The size of a sample designed for dual purposes should be the larger of the samples that 
would otherwise have been designed for the two separate purposes. 


In evaluating dual-purpose samples, deviations from the control and monetary misstatements 
should be evaluated separately using the appropriate risk levels. The auditor should consider 
whether the existence of misstatements is indicative of a control failure; however, the absence 
of monetary misstatements does not necessarily imply that controls are operating effectively. 
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9 Audit Data Analytics 


1 ‘Defining Audit Data Analytics 


Audit data analytics (ADAs) are data analytic techniques that enable auditors to analyze and 
review both financial and nonfinancial data to discover patterns, relationships, and anomalies 
during an audit. The use of information technology in virtually every aspect of a business has led 
to an increase in data volume and availability. This increase has coincided with an improvement 
of auditing technology and an increase in analytic capabilities. As a result, the evolution and 
integration of audit data analytics have changed the way an audit is performed. 


1.1. Applicability of ADAs in an Audit 


ADAs can be used in essentially all areas of an audit. ADAs can be used to perform risk 
assessment procedures, tests of controls, substantive procedures, and can assist in the overall 
conclusion of an audit. A single ADA can be used to concurrently obtain evidence in multiple 
areas, for example, risk assessment and substantive procedures, as long as the objectives of 
both types of procedures are met. 


1.2. Benefits of ADAs 


ADAs can greatly enhance the quality of an audit. ADAs enable: 

= Better understanding of clients and their operations 

=m Advanced assessment of risk in areas that may have otherwise gone undiscovered 
= Expanded audit coverage through testing of entire populations 
o 


Insights gained from evaluating metadata and relationships among data both internal and 
external to the firm 


Increase efficiency of applied procedures 
Enhanced fraud detection 
= Improved communication through data visualizations and other reports 


2 Audit Data Analytics Tools and Techniques 


Application of ADAs involves coordination and understanding of analytical techniques in 
conjunction with the tools that enable their implementation. 

2.1 Steps in Applying ADAs 

When applying ADAs, the auditor should perform the following steps: 


1. Plan the ADA. This involves determining the objective and purpose of the ADA, including 
which components of the entity are being tested. This step also includes assessment of 
what data is needed, the most appropriate ADA technique to employ, and which tools and 
outputs will be used in the assessment of the outcome. 
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2. Access and obtain the data. This will include gaining access to and sourcing the data from 
the appropriate data source and cleaning and validating the extraction. 


Review and analyze the relevance and reliability of the sourced data. 
Perform the ADA utilizing the selected tools and techniques. 


Evaluate and address the outcomes to ensure the proposed objective was achieved, the 
ADA was performed effectively, and determine if further refinement or procedures should 
be performed. 


2.2 ADA Tools and Technology 


ADAs can be done manually, however, that approach is typically tedious and inefficient. As a 
result, most ADAs are performed using software. The types of software used include: 


= Data Extracts and Preparation: This software is used to extract, transform, and load 
(ETL) data in preparation for analysis by allowing auditors to connect to data sources, clean 
the data to remove errors and inconsistencies, scrub the data to address integrity issues, 
adhere to data quality standards, allow for normalization, combine data from different 
sources, and summarize data. These tools also facilitate the automation of data collection by 
recording each of the ETL steps for reuse with new data: 


e Spreadsheet tools 

e Database or structured query language (SQL) explorer 
e Data transformation and cleaning software 

e Robotics process automation (RPA) software 


= Data Modeling: This specialized software provides a platform for common data analytics 
procedures, in some cases tailored for common audit analytics, such as Benford's law 
analysis or sampling. In some cases, more robust or computationally intensive models 
require connecting to more powerful cloud-based service: 


e Data analytics software and plug-ins 
e Data mining software 
e Programming scripts 


= Data Visualization: This software is useful for creating charts, graphs, diagrams, and 
dashboards to help emphasize trends, relationships, and composition of data elements. 
More advanced software can create graphs using text prompts instead of building visuals 
from scratch: 


e Charts and graphs 
e Data visualization software 


e Natural language processing (NLP) tools 


2.3. ADA Techniques 


ADAs span a wide spectrum of techniques and methodologies. These techniques can be as 
simple as sorting and filtering and as advanced as classification and machine learning. Typically, 
as the complexity of the technique increases, so does the value it brings to the audit. There are 
four broad categories of data analytics that may be applied as ADA: 
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2.3.1 Descriptive Analytics 


Descriptive analytics explain what happened or what is happening with data. Throughout an 
audit, it is important to gain a high-level understanding of the location of central tendency, 
spread, shape, and other descriptive values of the data being analyzed. This understanding can 
be achieved through descriptive analytical techniques such as summary Statistics, data sorting 
and filtering, and aging data. Key functions include the following: 


m= Summary statistics 
e Location of central tendency (mean, median) 
e Spread (range, standard deviation, variance) 
e Shape (skewness) 
e Dependence (correlation) 

m= Binning 


e Frequency distribution (aging) 


Kenneth is performing an audit of Tartare Eatery Corp., which currently has eight 
restaurant locations, all of which are open Monday through Saturday. As part of the 

audit, Kenneth wants to run summary statistics on the sales transactions at each of these 
restaurants including total, average, and count of sales transactions. After running the 
summary statistics, Kenneth filters the results to show only data pertaining to Sundays. 
This enables Kenneth to determine if any transactions were recorded on the days that the 
Tartare restaurants were closed and in what volumes. Any results would require follow-ups 
and potential additional procedures. 


2.3.2 Diagnostic Analytics 


Diagnostic analytics are utilized when an organization wants to understand the underlying 
cause of results, essentially, why something happened with the data. Diagnostic analytics work 
to uncover correlations, patterns, and relationships among data to explain outcomes. Common 
diagnostic analytical techniques include: 


= Clustering 

Drill-down and drill-through analysis 
Data mining and discovery 

Variance analysis 
Period-over-period analysis 

Data profiling 


Sequence check 


© Becker Professional Education Corporation. All rights reserved. Module 9 A3-103 


Audit Data Analytics AUD 3 


Tracy is reviewing the liquidity of Maroney Publishing as part of the risk assessment 
procedures during the current audit. Tracy decides to calculate the current ratio for the 
current year (Year 3) and the prior two years (Year 1 and Year 2). Tracy notes that the 
current ratio is 1.4, 1.5, and 0.8 for Years 1, 2, and 3, respectively. The significant decrease 
from Year 2 to Year 3 requires further investigation. 


Tracy performs a drill-down analysis on the current ratio, breaking out the accounts that 
make up the current assets and current liabilities for both Year 2 and Year 3. Upon this 
review, it was noted that the balances year over year were fairly consistent aside from a 
dramatic increase in short-term debt. Tracy then performed a drill-down analysis within the 
short-term debt account and discovered an extremely large transaction where a short-term 
note was issued in exchange for new fixed assets used as part of Maroney's publishing 
activities. This triggered a targeted test of details on the large short-term note transaction. 


2.3.3. Predictive Analytics 


Predictive analytics uses historical data and facts to make predictions, estimates, and assertions 
about future events. Predictive analytics look to answer the question of what will happen in the 
future. Common predictive analytical techniques include: 


m Regression analysis 
Forecasting 
Time-series modeling 


Classification 


Sentiment analysis 


Elizabeth is engaged in an audit of SGT Retailers. Elizabeth wants to determine if there 

is potential fraud risk by running sentiment analysis on social media posts about the 
top-selling products of SGT. In doing so, Elizabeth found that there was extremely negative 
sentiment across the board on a specific model of television sold exclusively by SGT. 


Elizabeth then reviewed the transactions involving this specific television model and noted 
that there were sales all through the third and fourth quarters of the year under audit, 
however, there were few returns during that time period. Upon further investigation, 
Elizabeth found that there was an abnormal amount of returns of the product in the month 
after year-end, which indicated that there may have been an error or fraud pertaining to 
the timing of returns. 
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2.3.4 Prescriptive Analytics 


Prescriptive analytics are the most advanced and complex type of analytic. Prescriptive analytics 
typically build on predictive analytics and shift the focus from addressing what will happen to 
how to make something happen. As in the name, prescriptive analytics prescribe courses of 
actions to help optimize decisions to reach desired outcomes. Common prescriptive analytical 
techniques include: 


= What-if analysis 

= Decision support and automation 
= Machine learning 
a 


Natural language processing 


Petra is testing transactions related to accounts payable at Parcell Corp. Petra reviews a 
flowchart of the current accounts payable process and notes that Parcell Corp. receives 
physical copies of its supplier invoices and manually inputs the data into its accounting 
information system. 


Petra chooses a sample of invoices from a detailed listing of all supplier invoices from 

the year under audit. Petra requests the originals of all the invoices. Petra scans all of 

the supplier invoices into digital copies and utilizes the artificial intelligence application 
known as optical character recognition (OCR) to convert them into a machine-readable 
format. Petra then utilizes natural language processing (NLP) to pull the information from 
the converted invoices and match it against the detailed invoice listing to determine if any 
discrepancies exist. 


3. Applying Audit Data Analytics 


During the planning phase of an audit, there must be a determination of which areas of the 
audit ADAs can and should be applied. This determination is driven by the nature and scope of 
the audit objectives and the data available. Once the determination of ADA integration is made, 
the specific techniques and tools to be used must be evaluated. The areas of an audit where 
ADAs can be utilized are as follows: 


3.1 Risk Assessment 


ADAs can be employed during the risk assessment process to: 

= Identify previously unidentified risk 

Identify and assess the risk of material misstatements at the financial statement level 
Identify and assess the risk of material misstatements at the relevant assertion level 
Identify and assess fraud risk 


Assist in the determination of additional audit procedures to be performed 
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Costanza Retail has five retail stores all in different cities. The auditor would like to assess 
the risk of material misstatement at the different locations by comparing sales for each 
location by quarter to see if there are any anomalies. The auditor performs a simple 
descriptive ADA and produces a column chart to evaluate the outcomes: 


Sales by Quarter 
$35,000.00 


$30,000.00 


$25,000.00 


$20,000.00 
$15,000.00 
$10,000.00 

$5,000.00 


Blacksburg Buffalo Hamilton Hermitage Listowel 


uw 


mQi mQ2 gQ3 =Q4 


Based on the output, it appears that the store in Hermitage had the largest change quarter 
over quarter pertaining to sales in Q3 and Q4. Based on this, the auditor may choose to 
apply substantive procedures to address the potential risks associated with this change. 


3.2 Test of Controls 


ADAs can provide support and evidence in evaluating the design and operating effectiveness of 
internal controls. ADAs can assist the test of controls in the following ways: 


= Evaluation of external data to validate control outcomes 

= Analysis of internal data to corroborate or dispute the effectiveness of controls 
= Review of data for anomalies that are likely to be a result of a control failure 
| 


Aid in reperformance activities 
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Tillman Financial provides financial services to its clients. Tillman has incorporated an internal 
control that provides a review of employees who have access to the company's information 
system on a monthly basis. Its auditor has determined to perform an ADA to determine 
whether all employees discharged from the company either voluntarily or involuntarily during 
the preceding year appropriately had all their access revoked from all information systems. 


The auditing company utilizes a diagnostic analytic with fuzzy logic capabilities. Fuzzy logic 
allows for an approximate search that returns the best approximation of the value as well 
as a percentage of match. For example, a fuzzy logic analytic that searches for "John Smith" 
may return "Smith, John" as a 99 percent match. Using a list of discharged employees and a 
list of those who have current access to the information system, the auditor can run a fuzzy 
logic diagnostic ADA to determine if access was not removed appropriately. Further testing 
may be done to determine whether removal was done in a timely manner. 


3.3. Substantive Procedures 


Auditors use substantive procedures to detect material misstatements in financial statements 
and accompanying disclosures at the assertion level. ADAs can be applied to both tests of details 
and analytical procedures. 


3.3.1. Tests of Details 


Tests of details are performed on both transactions and balances to gather evidence to support 
the values and disclosures within the financial statements. ADAs can be incorporated into the 
tests of details in the following ways: 


= Perform sequence checks on prenumbered source documents or transactions to ensure 
completeness, including evaluation of both gaps and duplicates 


Test entire populations to verify accuracy 
Compare transactions against external data to ensure occurrence and accuracy 


Utilize structure and content analyses to evaluate source data to identify missing data or 
inconsistent or inappropriate data formatting 


3.3.2 Analytical Procedures 


ADAs are a natural fit for analytical procedures used as substantive procedures and may be 
utilized in the following ways: 


= Comparing current year data to preceding year data 
= Comparing industry trends to trends found at the audited entity 


= Developing expectation for transaction or balance amounts to act as a comparison for 
recorded and reported amounts. The development of expectations may include: 


e Regression analysis 

e  Period-over-period analysis 
e Trend analysis 

e Classification models 

e Ratio analysis 


= Performing a drill-down analysis on significant differences found in expected versus 
actual amounts 
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Heenan Auto operates 12 mechanic shops across the United States. Its auditor has decided 
to run a regression ADA because the auditor feels that the amount of gross revenue can be 
predicted by labor hours and materials expense. The ADA utilizes data from the three years 
preceding the current audit and determines that the assumption was correct. The auditor 
then utilizes the outcome of this ADA to set expectations and evaluate actual results of 
revenue for the year under audit. 


3.4 Concluding the Audit 


Towards the end of an audit, the auditor will have advanced knowledge of the entity being 
audited and the nature of the environment in which the entity operates. This deeper knowledge 
allows the auditor to apply ADAs similar to the risk assessment procedures, however, with a new 
perspective. Using ADAs to assist when forming an overall conclusion allows the auditor to gain 
comfort that no material misstatements went unidentified or unassessed during the course of 
the audit. 


Using ADAs as concluding procedures may also involve updated financial figures or disclosure 
information that were discovered during the audit. These updates could affect trends and ratios 
among other previously applied procedures. 


4 Sourcing and Reviewing Data Used in Audit Data Analytics 


ADAs are only as effective as the data they utilize. When sourcing data for the performance 
of ADASs, it is vital that the data be analyzed to ensure it is complete, accurate, relevant, and 
reliable. The auditor must identify what data is needed for the ADA, where and how that data 
can be sourced, and what procedures need to be performed to ensure reliability. 


4.1 ADA Data Sources 


With the full integration of IT and evolutionary data collection techniques, the challenges with 
data analytics are determining what data should be analyzed and where it can be found. Audit 
evidence to be utilized in ADAs may come from the following sources: 


4.1.1. Information Systems 

Data may be stored in a variety of information systems utilized by the entity such as: 
Accounting information systems (AIS) 

Management information systems (MIS) 

Executive information systems (EIS) 

Decision support systems (DSS) 

Customer relationship management systems (CRMs) 

Supply chain management systems (SCM) 

Inventory management systems (IMS) 


Knowledge management systems (KMS) 


Enterprise resource planning systems (ERPs) 
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4.1.2 Data Storage Functions 


Data can be stored in a number of different data repositories based on the type of data listed 
below from largest to smallest: 


= Data Lake: All structured and unstructured data 

Data Warehouse: Structured and organized database tables available for analysis 
Data Mart: Subset of database tables used for specific business segments 

Data Cubes: Database tables transformed for drilling-down 

Databases: Structured tables available for specific analysis 


Tables: Single sheet of attributes and records 


Spreadsheets: Data files that may contain tables and/or other values 


4.1.3 Internal and Reporting Sources 


Internal data and data used in the compilation of financial statements provide sources for ADAs. 
These include the following: 


= Audited financial statements and/or the financial statements being audited 
Transaction logs 

Subledgers and general ledgers 

Source documents such as invoices, purchase orders, and receiving reports 


Stand-alone data files such as spreadsheets 


Connected devices (Internet of Things, or loT) 


4.1.4 External Sources 

Data may be obtained from external sources such as: 
= Governmental external sources 

= Private external sources 


= Service organizations external to the entity that provide services to an organization including 
cloud computing services 


4.1.5 Data File Formats 


In some cases, auditors may be given access to a data warehouse where they can perform 
queries and generate reports with relevant evidence. In most cases, the auditor will make a 
request for data from the database administrator or IT department and receive the requested 
data in one or more of the following formats that can be connected or imported into data 
analytics software (and how they can be useful for auditors), listed in order of complexity: 


= Tab-separated Text (txt) File: A universally accepted, efficient way to move data 
from clients' systems to the auditor's software without limitation of rows common for 
spreadsheet tools. 


= Comma-separated Value (csv) File: An efficient way to move data from clients' systems to 
the auditor's software without limitation of rows common for spreadsheet tools. 


= Microsoft Excel (xlsx) Spreadsheet: A flexible canvas for auditors to conduct ad hoc 
analyses with limitations on rows. 


= Database (db) or Access Database (accdb) File: A means to move data into an Access 
database for structured analyses by the auditors. 
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= Extensible Markup Language (xml) File: Gives the data elements a hierarchal form, 
contains more metadata or tags about each specific piece of data, and makes data sharing 
with other audit applications easier. 


= Hypercube (hyper) File: Allows automated updates of linked audit documentation fields 
when the underlying data changes. 


= Compressed (zip) File: Makes file sharing easier with team members and saves storage 
space for auditors. 


4.2 ADA Data Types 


ADA may be performed on either structured or unstructured data. 


4.2.1 Structured Data 


Structured data is organized, has consistent data types and formats, and is easily searchable. 
Structured data includes data found in spreadsheets, tables, databases, data cubes, data marts, 
and data warehouses. 


Structured data, a key feature of relational databases, organizes data into records (i.e., rows ina 
table), and each record has the same number of attributes (i.e., columns in a table). Thus, data is 
made easily searchable through query languages such as structured query language (SQL). 


Structured data consists of the following components: 


= Tables: Objects in a database are stored in a file containing columns and rows like a 
spreadsheet. Relational databases combine multiple tables with foreign keys. 


= Attributes: Columns in a table represent characteristics or properties that describe the 
objects, including primary keys, foreign keys, and descriptive attributes. 


= Records: Each row in a table contains information about a single entity or object in the 
table, such as a customer or sales order. 


= Fields: The space at the intersection of a column and row where data is entered. The 
information placed inside a field is a "data value." 


= Database Keys: Attributes that uniquely identify each record in a table or facilitate the 
relationship between two tables. 


e Primary Key: A required attribute in every table that contains a unique identifier, such 
as a customer number or e-mail address. 


e Foreign Key: Attributes in one table that contain values from a primary key in another 
table. For example, a sales order record may include Customer ID as a foreign key that 
refers to the Customer ID that is the primary key in a customer record to indicate that 
order involves a specific customer. 


e Composite Key: In some cases where a single attribute cannot uniquely identify a 
record, it may be combined with more than one attribute to create a unique key. For 
example, each line item on a sales order will typically contain a combination of the 
Sales Order ID and Inventory ID (both are foreign keys in the Sales Order and Inventory 
tables, respectively). Combined, these values create a unique identifier for each row. 


Normalization is a database design technique that reduces data redundancy by dividing large 
tables (e.g., a sales order table that also contains all customer data for each sales order record) 
into smaller tables (such as a separate sales order table and customer table) that are linked 
together with a foreign key. 


A relational database is an effective way to reduce data redundancies for a structured data set 
by using the concept of "keys." 
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An auditor is interested in obtaining 10 college students' backgrounds (e.g., name, sex, 
home address, high school) and the courses they have signed up for this semester (course 
number and professor). If each student signed up for three courses, the auditor will find 
30 records of data in a spreadsheet. Of the 30 records, the auditor will find that student 

A (who signed up for three courses) would have three course enrollment records with the 
same name, sex, home address, and high school attributes with different course numbers. 
To address the duplicity, a relational database restructures the data set into three tables: 


e Astudent roster table will be created containing 10 student records with their name, sex, 
home address, and high school attributes. Each record will contain a unique identifier, 
such as a student ID. The student ID will act as the primary key of the student roster table. 


e Acourse table will be created containing all the course records available for the 10 
students to select from. Each record will contain a unique identifier, such as a course ID. 
The course ID will act as the primary key of the course table. 


e Anenrollment summary table containing the pairing of student ID and course IDs 
illustrating the enrollment results. Each enrollment record will then be assigned a unique 
enrollment ID as the primary key. The course ID and the student ID in the record are 
considered foreign keys to unlock the details stored in the other tables. 


The process of breaking down the data set (e.g., 30 records) into multiple tables (e.g., 
student roster table, course table, and enrollment table) and reducing the duplicity of the 
data is the process of "normalization." 


4.2.2 Unstructured Data 


Unstructured data is essentially all data that is not structured. This data is typically in its 
original unmodified format and remains that way until transformed and modified for analysis. 
Unstructured data is not organized, nor is its format or data type consistent. This makes 
unstructured data difficult to sort and oftentimes requires different ADAs than structured data. 


Unstructured data that may be utilized in an ADA includes social media posts, interview or 
phone transcripts, data sourced from sensors (Internet of Things), or nontraditional data types 
such as videos or images. Unstructured data includes data found in data lakes. 


4.3 Attributes to Evaluate in ADAs 


The specific attributes of data obtained will depend on the nature of the ADA and its objective. 
Data may be: 


= Numeric (quantitative) data such as quantity, counts, or financial values (e.g., amount 
revenue for a given month, number of transactions at a specific store, or quantity ordered 
of various inventory items). 


e Discrete data cannot be broken into portions, fractions, or decimals. Discrete data is 
considered a whole number, such as employee head count. 


e Continuous data can be broken up into decimals, units, fractions, and parts, such as 
measurement, time, or dollar amount. 


e Interval scale data shows each point on a line where zero has no special meaning, such 
as temperature or exam score. 


e Ratio scale data shows numbers on a scale where zero means the absence of 
something, such as inventory count. 
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= Text (qualitative) data that provides descriptive values (e.g., customer satisfaction results, 
transcripts of customer support calls, or social media posts about the organization or the 
industry in which it operates). 


e Nominal scale data describes categories with no numerical relationship, such as 
geographic regions or colors. 


e Ordinal scale data identifies the rank or order of data, such as income level or job title. 


= Date and time data, which indicates when activities or transactions occur, including any level 
of detail about the time (e.g., years, quarters, months, specific dates or even times during 
the day). 


= Geographic data that provides information about where operations take place. (e.g., 
address, city, state, zip code, latitude, longitude) 


4.4 Sourcing Data for ADAs 


Data sourced for ADAs may be obtained using a variety of techniques and methods including: 
Utilizing built-in reporting provided by information systems 

Custom queries of information systems 

Data mining using programming languages (both internal and external) 

Data-pulls using accounting or audit software to connect to an information system 


Walk-throughs and interviews of clients 


Research and external sites 


4.5 ADA Data Reliability Verification 


The majority of data is sourced from some type of information system. As a result, the audit will 
typically perform general IT controls (GITC) testing to ensure there are sufficient controls internal 
to the information system and its functions. 


4.5.1 Reliability Procedures 


To determine the completeness, accuracy, and reliability of information utilized in an ADA, the 
auditor could perform the following procedures and activities: 


= Obtain or create flowcharts or data flow diagrams to gain an understanding of information 
sources, processes, transformation, and reporting or disposition. 


= Perform tests of controls around the data being utilized if sourced internally within an 
organization. 


m Use confirmations to verify balances. 
= Recalculate provided data or reperformance of how the data was produced. 


= Employ GITCs to ensure components of the IT infrastructure inclusive of information 
systems and software are sufficiently controlled. 


= Evaluate spreadsheet controls if the data came directly from a spreadsheet utilized by 
the entity. 


m Request a SOC 1° report if the data being analyzed was produced by a service organization 
that is employed by the audited entity. This report provides assurance around the controls 
at the service organization. 


= If available, compare the data utilized in the ADA with data from a separate internal source, 
or if possible, from an external entity. 
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= Source the data directly from an independent and/or external party. 


= Perform a sequence test on prenumbered documents to provide assurance around 
completeness inclusive of identifying and analyzing gaps and duplicates. 


= Perform validation of sourced data through review of batch totals, hash totals, and 
record counts. 


= Perform summary statistics on the data and review outcomes to see if they tie to auditor 
expectations. 


m Review known relationships in financial statements. For example, the ending balance in one 
accounting period should be the beginning balance in the subsequent period. 


= Reconcile data utilizing known aggregation points and accounting rules provided within 
accounting information systems. These can include: 


e Aggregating transaction data to tie it to subledger balances. 
e Aggregating subledger balances to tie to the general ledger balances. 
e Tying general ledger data directly to the entity's financial statements. 


= Employ the assistance of a specialist to evaluate the data. The specialist may be part of an 
internal audit, a forensic auditor, an information systems auditor, or an external party. 


Sherman CPA plans to perform audit data analytics to test the equity accounts at its client, 
Reagan Phillips Financial. Because Sherman will be utilizing the equity accounts, it decides 
to perform reliability procedures on that data. One simple reliability procedure it runs is the 
reconciliation of the beginning retained earnings balance to the ending retained earnings 
balance for the current year. It takes the beginning balance and reduces it by all dividends 
declared during the year and increases it by the current year's net income and notes no 
other changes occurred. Sherman validates the dividends with an external stock regulator 
and reviews the tax records concerning the net income. 


Sherman then calculates the debt to equity for the current year and the prior year and 
notices that there is a 45 percent increase year over year. This drastic increase prompts 
Sherman to run a classification analytic to determine whether Reagan Phillips Financial is 
likely to go into bankruptcy. This analytic looked at ratio profiles of companies in the same 
industry that had gone bankrupt in recent years and compared them to the profile of 
Reagan Phillips Financial. 


4.5.2 Increasing Reliability 


Reliability of data can be increased and/or improved based on the source of the data and how 
the extraction occurs. Audit evidence is considered more reliable if: 


= The auditor sourced the data directly as opposed to requesting the data or through the use 
of narrative evidence. 


The auditor sourced the data from a source independent of the entity being audited. 
Controls surrounding the input, processing, and storage of the data are deemed effective. 
The original documents are provided as opposed to any type of reproduction. 


The evidence is documented as opposed to evidence sourced through oral inquiries alone. 
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5s Procedures Performed on Visualizations and Reports 


The efficacy of an ADA is dependent upon how well it can be utilized by an auditor to gain 
insights and provide audit evidence. This means that the output of an ADA needs to be produced 
in such a format that the auditor can determine if there are relationships among the variables, 
underlying trends, and/or outliers or anomalies. This allows the auditor to evaluate the risk of 
material misstatement, provide evidence to back up or dispute asserted findings, or trigger the 
need for additional procedures. 


Once the auditor plans and performs the ADA on data deemed relevant and reliable, the auditor 
must evaluate and group the outcomes. 


5.1 Determination of Appropriateness of ADA Application 


The auditor must review the output of the ADA and evaluate whether the ADA was performed 
appropriately. This may be an iterative process where the ADA technique, performance, or 
the underlying data used in the ADA need further modification or refinement with potential 
subsequent reperformance. After the ADA is deemed appropriate, the auditor can review the 
output of the ADA to gain insights and review potential concerns. 


5.2 Using Data Visualizations 


The auditor must understand and evaluate the output of an ADA. This understanding may be 
gained by creating or reviewing reports, charts, and/or data visualizations. Data visualizations 
are an integral part of how analytics are performed and interpreted. Data visualizations take 
complex activities or content and transform them into easy-to-read graphs, charts, or other 
visuals to provide the auditor with insights to make decisions. 


When creating visualizations, the following items should be addressed to ensure ethical and 
effective decision making: 


= Choose the Right Type of Visualization: A pie chart communicates different information 
than a scatter plot or a line chart. 


= Apply Correct Scaling: Typically, scaling on the y-axis should start at zero to avoid 
misinterpretation of differences and variation. 


= Utilize Appropriate Colors: Colors can greatly change how the viewer interprets a 
visualization. Make sure the audience and its culture are considered when determining an 
appropriate color scheme. 


= Emphasize Focus Areas: Visualizations can be easily manipulated to draw the focus to 
specific outcomes. Ensure the visualization is designed to focus on the objective the ADA 
was designed to achieve and avoid bias. 


5.3 Interpreting Results 


The auditor may be able to find relationships between variables that will allow the auditor to 
better understand the nature of the entity or specific accounts or activities. Many times, the 

review of the analysis can be aided by numeric statistical output coupled with visualizations. 
Some examples of ADA techniques and their presentation include the following: 
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5.3.1 Regression Analysis 


Regression analysis allows for an auditor to evaluate relationships between variables. 

Simple regression can be used to show the direction and strength of the relationship of an 
independent variable to a given dependent variable. For example, an auditor may predict that 
an organization's office supplies expense is driven by the total number of labor hours worked. 


Regression analysis typically utilizes scatter plots where the data points are plotted with an (x, y) 
relationship with a corresponding regression line. If there is a strong correlation between the 
given variables indicated by the data points being closer to the regression line or a high R? value, 
the auditor may utilize the regression output to set expectations for given values and compare 
them to actual values, which may trigger further procedures. 


5.3.2 Variance Analysis 


An auditor may run a variance analysis to compare a company's forecasted or budgeted values 
against actual values. A bullet chart can be helpful because it shows bar chart values against 
lines designating the budget. This type of analysis may drive the auditor to perform additional 
procedures on areas where the variance is significant. 


The auditor evaluating variance analysis may respond and set a margin of error for the variance 
(e.g., +/- 10% of the budgeted value) and may highlight that zone on a bullet chart. When 
reviewing the bullet chart, the auditor should pay closest attention to values that exceed or miss 
that acceptable margin for follow-up investigation. 
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5.3.3 Period-Over-Period Analysis 


An auditor may compare financial or nonfinancial values across given periods. For example, the 
auditor may compare the results of the first quarter for the current year against the previous 
year. A bar or column chart can be effective at comparing values against one another. This 
allows for quick review and evaluation of gaps between values from a visual perspective. 

Any significant differences should call for further audit procedures to explain the cause of 

the difference. 


The auditor evaluating period-over-period analysis may respond by looking for changes in 
related accounts to determine whether they move in the same direction (e.g., sales revenue and 
net income both increase from the prior period). For accounts that diverge from the expected 
direction, the auditor should drill down into the underlying accounts to determine the cause of 
the trend and investigate further. 
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5.3.4 Classification 


Classification is a predictive analytic that allows the auditor to utilize historic data to make 
predictions about what classes or categories would best fit a new data point. Scatter plots may 
be used to demonstrate where values fall in the analysis. In addition, an auditor may utilize 
visualization techniques that show the proportional makeup of the population by class or by 
category, such as a pie chart or tree map. 


Auditors may use classification to determine if the characteristics of certain data points, 
including products, transactions, or external parties, match up with the audited company's 
treatment of them. Classification may lead to further procedures if expectations are different 
than actual results. 
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When evaluating a classification scatter plot, most observations will gravitate to one class or 
another (e.g., operating vs. financing leases). The auditor's response should include paying close 
attention to those values that do not clearly fit with their neighbors. These outliers indicate 
additional complexity and require increased judgment as well as additional investigation. 
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5.3.5 Trend Analysis 


Trend analysis can be used to develop expectations of future results. Comparative trend 
analysis enables the auditor to compare internal values that have relationships or even bring 

in industry or other external data for comparative purposes. Line charts are the best way to 
demonstrate trends because they appropriately address the forward-moving concept of time. If 
an auditor sees that trends in specific account balances or activities are inconsistent with trends 
in comparative internal or external data, this may drive further procedures to be performed on 
specific periods that present inconsistent tendencies. 


The auditor may respond by looking for trends of different accounts to see whether they trend 
in the same direction (e.g., up or down). In other cases, the variability or volatility of a trend 

line may introduce additional noise into the analysis. The auditor should consider drilling up or 
down into the time line to identify smoother trends (e.g., quarter or year) or observe seasonality 
and weekend results (month, week, or day) to see if any specific patterns in the account appear 
abnormal. From there, the auditor can investigate the underlying account or individual to 
determine if the procedure and controls are being followed. 


Net Income 
$50,000.00 
$45,000.00 
$40,000.00 
$35,000.00 
$30,000.00 
$25,000.00 
$20,000.00 
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$10,000.00 


$5,000.00 


5.4 Evaluating and Grouping Potential Misstatements 


When reviewing the output of the ADA, there may be a small or large number of items (e.g., 
outliers, abnormal variances, or unexpected results that could indicate potential misstatements) 
that require the auditor's attention. If there is a large number of items to review, the auditor 
may choose to group the outcomes into categories to better assist the auditor in the review. 


The auditor may divide the items found in the output of the ADA into two broad categories: 
clearly inconsequential or not clearly inconsequential. 
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5.4.1. Clearly Inconsequential 


The auditor may be able to quickly determine whether a specific item of interest or a group of 
items are clearly inconsequential to the audit. This means that the auditor believes that these 
items do not pose a risk of material misstatement individually or in aggregate. The auditor 
would document the rationale as to why the items are inconsequential including amounts or the 
nature of the item or group of items. 


5.4.2 Not Clearly Inconsequential 


When there are possible misstatements found in the outcome of the ADA that are not clearly 
inconsequential, the auditor must perform additional steps: 


= The auditor may group these items by common characteristics found among them (similar 
time period, values, type, etc.). 


= The auditor would then determine the possible misstatements. 


=m After the groups are evaluated, further analysis, procedures, and review should be 
performed to see if the groups present with no actual misstatements, present with 
misstatements that are clearly inconsequential (individually or in aggregate), or if 
they present with misstatements that are not clearly inconsequential (individually or 
in aggregate). This step should be thoroughly documented with detailed rationale 
on determinations. The items that remain not clearly inconsequential will trigger 
additional procedures. 


5.5 Additional Procedures 


The auditor should evaluate the outputs and outcomes of the ADA and perform further 
procedures on the possible misstatements that have been categorized as not clearly 
inconsequential. The nature and extent of the procedures will vary based on the auditor's 
judgment. These procedures should address the following: 


= Consideration of both quantitative and qualitative factors on the nature of the possible 
misstatement. 


=m Assessment to determine if the possible misstatement is a result of potentially 
fraudulent activity. 


= Evaluation of the possible misstatement to see if it may have resulted from a control or 
process failure. 


= Determination of the nature and extent of the substantive procedures to be applied. 
For example, evaluating if the test should include the entire population or a sample of 
that population. 
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Revenue Cycle 


1 Transaction Cycles 


Audits are generally performed by transaction cycle. The most common transaction cycles are 
listed in the chart below and will be covered in the first six modules of this unit. Auditing by 
transaction cycle enables the auditor to gather evidence for related accounts, transactions, and 
disclosures simultaneously. This makes the audit process more efficient. 


Module Cycle Description 
1 Revenue Includes sales revenues, receivables, and cash 
receipts 
2 Expenditure Includes purchases, payables, and cash 
disbursements 
3 Cash Includes cash receipts and cash disbursements 
4 Inventory Includes perpetual inventory, physical counts, and 


manufacturing costs 


5 Investments Includes investments in debt and equity and the 
income received from investments 


6 Other Transaction Cycles | Includes cycles for property, plant, and equipment; 
payroll and personnel; and financing 


2 ‘Fraud Risk Related to the Revenue Cycle 


There should be a presumption in every audit that there is the risk of material misstatement due 
to revenue recognition fraud. Common revenue cycle frauds include: 


m Early revenue recognition. 
Holding the books open past the close of the accounting period. 
Fictitious sales. 


Failure to record sales returns. 


Side agreements used to alter sales terms and conditions to induce customers to accept 
goods and services they otherwise do not need. 


= Channel stuffing achieved by convincing distributors to purchase more inventory than they 
can sell in the near term. 


= Overstatement of receivables, achieved by overstating balances, reporting fictitious 
balances, or understating the allowance for uncollectible accounts. 
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3 Internal Controls Related to the Revenue Cycle 


3.1. Sales 


In a strong system of internal control, segregation of the functions in a sales transaction should 
exist as follows: 


1. Preparation of the Sales Order 


The sales function begins with the receipt of a customer purchase order by the sales 
department. If it is determined that the order can be filled, a serially numbered sales order 
is prepared and sent to the credit department for approval. 


2. Credit Approval 


The credit department determines whether or not the customer may receive goods on 
credit. If the order is approved, a copy of the approved sales order is sent to the shipping 
department, the billing department, and the accounting department. 


3. Shipment 


In the shipping department, a serially numbered bill of lading is prepared and a copy is sent 
to the customer. The goods are shipped, and at this point a receivable is created based on 
invoice shipping terms. 


4. Billing 


The billing department prepares a serially numbered sales invoice. Shipping documents, 
sales orders, and invoices are compared to assure that all shipments were based on valid 
customer orders and were properly billed. Prices and discounts are applied to the invoice, 
and necessary extensions and footings are computed. The invoice is then sent to the 
customer and to the accounts receivable department. 


5. Accounting 
The sale is entered into the sales journal, and a receivable is recorded. 


3.2 Accounts Receivable 


In a strong system of internal control, segregation of the functions in an accounts receivable 
transaction should exist as follows: 


1. Sales 


A receivable is recorded in the accounts receivable control account in the general ledger and 
in the accounts receivable subsidiary ledger. Periodically, an independent person should 
reconcile these two records. 


2. Collection of Cash Receipts 
When payment is received from the customer, the receivable is eliminated. 


3. Uncollectible Receivables 


An aging schedule is prepared and sent to the credit department for use in carrying out 
its collection program. At some point, receivables deemed uncollectible should be written 
off. Controls for writing off receivables include proper authorization (by the treasurer) and 
record keeping. Without proper control, amounts subsequently collected easily could be 
misappropriated by employees. 
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4. 


Sales Returns 


Returned goods must be examined to ensure that they correspond with the reason for 
return before credit is given. A serially numbered receiving report may be used as a sales 
return slip. Once the return is approved, the sales return is recorded and the related 
outstanding receivable is eliminated. 


Credit memos should not be prepared by individuals who collect or receive cash payments 
on accounts receivable; to do so would be an inadequate segregation of duties. 


Sales Discounts 


Sales discount procedures and records should be reviewed to ensure that discounts are 
properly given and recorded based on the selected method (gross versus net). This ensures 
that receivables are not overstated. 


3.3. Cash Receipts 


Incoming mail must be opened by a person who does not have access to the accounts 
receivable ledger. The receipts should be listed in detail and three copies distributed to the 
following personnel: 


1. 
2. 


3. 


Cashier: Receives actual receipts and prepares bank deposit. 


Accounts Receivable Department: Enters receipts into the accounts receivable 
subsidiary records. 


Accounting Department: Enters receipts into accounts receivable control account. 


The accounts receivable department should match the details from the bank deposit ticket 

with the details from the remittance advices. This will reveal any discrepancies. Cash collections 
should be restrictively endorsed upon receipt and deposited daily. Devices such as cash registers 
or lock boxes should be used as safeguards. 


3.4 Sales Flowchart 
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sales order write-off 
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| ill of lading sales order 
i Approved 
write-off 


Prepare 
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3.5 Collections Flowchart 


Mailroom Accounting 
(Custody) (Record keeping) 
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3.6 Testing Controls: Sales 


Department | Control Procedure Sample Test of Control Procedure 
Order 1. Prepare prenumbered sales order. © Inquire about credit procedure for new 
Bares 2. Perform credit check (authorization). customers Wallation): 
‘ ® From a population of approved sales 
3. Approve credit for returns. orders (and returns), select a sample 
4. Follow up on old or past-due and examine documents for evidence 
accounts. of credit check (valuation). 
5. Initiate write-offs, which should be 
approved by the treasurer. 
Warehouse 1. Receive approved sales order from © Observe warehouse personnel filling 
and Shipping credit dept. (must have approved sales orders (existence). 


sales order before release of goods 


° rve physical controls over 
from warehouse). Observe physical controls ove 


inventory. 
2. Pull inventory from warehouse and 


release to shipping. © Observe evidence of independent 


checks (existence). 

3. Perform independent check of 
goods received from warehouse 
and approved sales orders in 
shipping department. —Agree to sales order (existence). 


© Inspect a sample of prenumbered 
shipping documents and: 


4. Prepare bill of lading. —Account for prenumbering 
(completeness). 


A4-6 Module 1 © Becker Professional Education Corporation. All rights reserved. 


AUD 4 


Revenue Cycle 


Billing/Accounts Match shipping documents Vouch a sample of sales invoices (select 
Receivable and sales orders before approved sales orders from the sales 
preparing invoice. journal) to shipping documents and 
Periodically account for all approved sales orders (existence). 
prenumbered shipping documents. Trace a sample of shipping documents 
. selection from prenumbered 
Perform independent check of sales ined P pec 
der piteine shipping documents) to sales invoice, 
° . sales journal, and A/R master 
Prepare prenumbered sales invoice. file (completeness). 
Batch and total invoices. Observe matching of shipping 
: ; documents and sales orders 
Update A/R master file. Agree input Reperform procedures for a sample 
to invoice batch totals. period (completeness). 
Print sales journal. Reperform pricing check: From a 
Print sales summary. Agree sample of sales invoices, check pricing 
to invoice batch totals with master price list (valuation). 
(independent check). Observe periodic counts and 
Mail monthly customer statements. independent checks and reperform 
(valuation). 
Observe mailing (existence, 
completeness, valuation). 
Accounting Receive sales summary. Observe and reperform 
. independent checks (valuation, 
Perform independent check a aes aii ee 
of invoice batch totals and ‘ P , 
sales summary. Observe and reperform review 
Revi le tclassificati of sales account classifications 
eview sales account classifications. (report presentation). 
oe kon Inspect customer exception file and 
Follow-up customer exceptions disposition (existence, completeness, 
(independent check). rights, valuation). 


Note: A formal audit program can be prepared and organized by assertion and sample population. 


Segregation of Duties: 
Authorization: Sales order and credit, treasurer 
Record keeping: _ Billing/accounts receivable/accounting 


Custody: Warehouse and shipping 
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Department | Control Procedure Sample Test of Control Procedure 

Mail Room 1. Separate checks and remittance © Inspect checks prior to deposit for 
advices. endorsement (completeness). 

2. Stamp restrictive endorsement on | ® Observe preparation of prelisting 
checks. (existence, completeness, valuation). 
Prepare prelisting of checks received. 
4. Forward checks to cashier. 
Forward remittance advices to A/R. 
Forward prelisting to accounting, 
cashier, and accounts receivable. 
Cashier 1. Receive checks and prepare deposit. | © Observe preparation of cash summary 
. (existence, completeness, valuation). 
2. Prepare daily cash summary (copy 
to A/R and accounting). © Inspect deposit slip and compare 
F to cash summary (existence, 
Deliver checks to bank. completeness, valuation). 
4. File validated deposit slip. 
Accounts 1. Match remittance advices and check | ® Observe matching of remittance 
Receivable deposit summary. advices and check deposit 
2. Update A/R master file. sulminiany(Gempleteness) 
3. Print CR journal/updated A/R 
master file. 
4. — Print CR summary (copy to 
accounting). 

Accounting 1. Independent check: compare © Inspect evidence of independent check 
the cash summary (cashier), the (existence, completeness, valuation). 
ee of checks (mail room), and | , Reperform independent check 
the CR summary (A/R). for selected dates (existence, 

2. Post G/L. completeness, valuation). 
3. Prepare bank reconciliation. e Inspect bank reconciliation (existence, 
completeness, valuation). 


Segregation of Duties: 
Record keeping: 
Custody: 


Accounts receivable/accounting 
Mail room and cashier (treasurer) 
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4 Performing Specific Procedures to Obtain Evidence: 
The Revenue Cycle 


Ve Pass Key 


Existence is generally a more relevant assertion than completeness when auditing 

the revenue cycle. The risk that accounts receivable and sales will be overstated 
(existence) is high, while the risk that accounts receivable and sales will be understated 
(completeness) is low. 


4.1 Auditing Sales Transactions 


The following tests of details may also be performed as tests of controls or dual-purpose tests. 
The cutoff procedure is performed most often as a substantive procedure. 


= Completeness: The auditor should trace a sample of shipping documents to the 
corresponding sales invoices, and to the sales journal and accounts receivable 
subsidiary ledger. 


= Cutoff: To ensure that sales were recorded in the proper period, the auditor should 
compare a sample of sales invoices from shortly before and after year-end with the 
shipment dates and with the dates the sales were recorded in the sales journal. To ensure 
that significant returns were not made following year-end, the auditor should analyze the 
record of sales returns following year-end. 


= Valuation, Allocation, and Accuracy: The auditor should compare prices and terms ona 
sample of sales invoices with authorized price lists and terms of trade to determine whether 
sales are recorded at the appropriate amount. 


= Existence and Occurrence: The auditor should vouch a sample of sales transactions from 
the sales journal to the sales invoice back to the customer order and shipping documents. 


=m Understandability of Presentation and Classification: The auditor should examine a 
sample of sales invoices for proper classification into the appropriate revenue accounts. 


4.2 Auditing Accounts Receivable 


= Completeness: The auditor should obtain an aged trial balance of accounts receivable and 
trace the total to the general ledger control account. 


= Valuation, Allocation, and Accuracy: The auditor should examine the results of 
confirmations (a test of accuracy) and test the adequacy of the allowance for doubtful 
accounts (a test of valuation). 


= Existence and Occurrence: The auditor should confirm a sample of accounts receivable. 


= Rights and Obligations: The auditor should review bank confirmations and debt 
agreements for liens on receivables. The auditor should also inquire of management and 
review debt agreements and board minutes for evidence that accounts receivable have 
been factored or sold. 
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4.3 Accounts Receivable Confirmations 


The auditor should review the accounts receivable schedule for accuracy and collectibility. 
Confirmation of accounts receivable is a required generally accepted auditing procedure unless: 
(i) receivables are immaterial; (ii) confirmation would be ineffective; or (iii) inherent and control 
risks are very low and evidence provided by other procedures is sufficient to reduce audit risk to 
an acceptably low level. If confirmations are not sent, the auditor must document how omission 
of this procedure was alternatively tested. 


4.3.1 Positive Confirmations 


Auditors send confirmations to their client's customers stating the amount of receivables owed 
by the customer at fiscal year-end. The customers are requested to return a statement to the 
auditor indicating whether they agree with the amount and to provide information about any 
exceptions. This type of confirmation is known as a positive confirmation. Positive confirmations 
should be used to confirm accounts receivable when: 


1. there are large individual accounts; 
2. there are expected errors or items in dispute; and 
3. when the system of internal control is weak. 


Note that positive confirmations may also be "blank," which means that the recipient is 
requested to fill in the balance. Blank forms provide a greater degree of assurance (since the 
recipient cannot simply sign off without actually checking the balance) but may also result in 
lower response rates because a greater effort is required by the recipient. 


Confirmation responses received electronically (e.g., faxes, e-mails) should be verified by calling 
the sender. The sender should also be requested to mail the original confirmation directly to 
the auditor. 


The auditor should consider the types of information respondents will be readily able to confirm. 
For instance, some accounting systems facilitate the confirmation of single transactions rather 
than entire balances. In such cases, the auditor would either confirm individual invoices, or 
would include a client-prepared statement of account showing details of the customer's account 
balance being confirmed. 


Note that confirmations generally provide evidence regarding existence and rights and 
obligations. They do not provide reliable evidence regarding valuation (e.g., customers may 
confirm a balance owed despite an inability to pay) or completeness (e.g., customers may not 
report understatement errors). 


4.3.2 Negative Confirmations 


Negative confirmations differ from positive confirmations in that customers are requested 
to respond to the auditor only if they disagree with the stated amount owed. Negative 
confirmations may be used to confirm accounts receivable when: 


1. the combined assessed level of inherent and control risk is low; 
2. a large number of small account balances are being confirmed; and 
3. there is no reason to expect that recipients of the requests will ignore them. 


Negative confirmations are less effective than positive confirmations because lack of a response 
does not provide explicit verification of the existence of the receivable. 


A4-10 Module 1 © Becker Professional Education Corporation. All rights reserved. 


AUD 4 Revenue Cycle 


4.3.3 Confirmation Exceptions 


Accounts receivable confirmation exceptions occur when there is a disparity between the 
amount of the receivable recorded in the client's accounting records and the amount of the 
receivable confirmed by the client's customer. For confirmation exceptions, the auditor should 
determine whether the exception is due to a timing difference or a misstatement. 


1. Timing Differences 


Timing differences occur when there is a delay in the recording of the transaction by 

the client or their customer. For example, an entity may correctly record a receivable on 
December 31 when the goods are shipped to the customer, but the customer may not 
record the payable until the goods are received on January 5. This is not a misstatement. 


2. Misstatements 


A confirmation exception would be indicative of misstatement if the exception is due to any 
of the following errors or frauds: 


e Fictitious sale 

e Goods sent to the wrong customer 

e Invoice sent to the wrong customer 

e Incorrect price or quantity charged to the customer 
e Misappropriation of cash received from customer 
e Payment applied to the wrong customer account 


Additionally, a confirmation exception could be due to a dispute between the client and the 
customer because the customer claims that the goods do not meet their specifications, that the 
goods were damaged in transit, or that the price of the goods is in dispute. 


4.3.4 Confirmation Nonresponses 


Nonresponses should be followed up with second and even third confirmation requests if 
necessary. The client may be asked to intervene. When confirmation responses are not received, 
the auditor should perform alternative procedures, such as inspecting shipping documents or 
reviewing subsequent cash receipts. If a 100 percent overstatement of the accounts receivable 
from the nonresponding customers would be immaterial, alternative procedures may not be 
necessary. This assumes that there is no unusual pattern to the nonresponses. 


4.4 Auditing Presentation and Disclosure 


= Completeness: The auditor should ensure that all required disclosures related to accounts 
receivable and sales have been included in the notes to the financial statements. Revenue 
cycle disclosures include: 


e Revenue recognition method(s). 

e Revenue by reportable segment. 

e Related party revenues and receivables. 

e Receivables by type (trade, officer/employee, affiliates) and term (short term and long term). 
e  Pledged or discounted receivables. 


e Allowance for doubtful accounts related to the receivables and a discussion of the 
analysis to assess credit risk. 


e — Inclusion in receivables of amounts related to long-term contracts. 
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= Valuation, Allocation, and Accuracy: The auditor should read the footnotes and other 
information related to accounts receivable and sales to determine whether the information 
is accurate and presented at the appropriate amounts. 


= Rights and Obligations, and Occurrence: The auditor should determine whether any 
receivables have been pledged, assigned, or discounted and, if so, determine whether 
disclosure is required. The auditor should compare disclosures to other audit evidence to 
ensure that all disclosed information related to accounts receivable and sales has occurred. 


= Understandability of Presentation and Classification: The auditor should review 
accounts receivable balances to ensure proper presentation at net realizable value and 
for proper classification between current and long-term assets (generally current is 
appropriate). Additionally, the auditor should read all accounts receivable and sales related 
disclosures to ensure that they are understandable. 
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1 Internal Controls Related to the Expenditure Cycle 


1.1. Purchases 
The following three functions in a purchase transaction should be segregated: 


1. Purchase Requisition 


The purchase requisition begins the purchasing cycle. The department in need of the asset 
or services sends a properly approved, serially numbered requisition to the purchasing 
department. The requisitioning department should not have the authority to actually place 
the purchase order. This would indicate a weakness in the system of internal control. 


2. Purchase Orders 


Prior to placing the order, the purchasing department should request bids from various 
suppliers to make sure that the best price is obtained. Once properly approved, the 
purchasing department should create the purchase order, which will indicate the 
description, quantity, and related information for the goods and services that are being 
requested. For control purposes, it is best that prenumbered purchase orders be used. 
There should be multiple copies that will be sent to: (i) the requisitioning department; (ii) the 
vendor; (iii) the receiving department; and (iv) the accounting department. If the purchase 
order is canceled, all copies should be recalled and filed so that every purchase order 
number is accounted for. 


3. Receipt of Goods or Services 
The copy of the purchase order sent to the receiving department serves as an authorization 
to accept the goods or services when they arrive. It is preferable that the copy not indicate 
the quantity ordered so that the receiving department is forced to count the goods upon 
arrival. In addition, the description of the goods should be matched to the purchase order 
and the condition of the goods should be examined. A receiving report is prepared by 
the receiving department and forwarded to the accounting department. The goods are 
forwarded to the requisitioning department. 


1.2 Accounts Payable 


Once the accounting department obtains the receiving report, it will record the payable, approve 
the invoice for payment, and record the payment after it is paid by the treasurer. 


1. Recording the Payable 
The copy of the purchase order sent to the accounting department notifies it that there will 
be a future cash disbursement. The receiving report is compared with the purchase order 
and the vendor's invoice to confirm quantity and to prevent payment of charges for goods 
in excess of those ordered and received. The accounting department records the goods as 
received in inventory, and records a payable. 
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2. Approving Invoice for Payment and Recording Payment 
When the invoice arrives, the accounting department approves it by matching the invoice, 


purchase order, receiving report, and (sometimes) the requisition. When payment is 


AUD 4 


made, the payable is reversed. The accounting department should ensure that the invoice 
amount is correct, and that it accurately reflects any purchase discounts or returns, before 


approving it for payment. 


1.3. Cash Disbursements 


Ideally invoices should be paid by check. For effective controls, the functions of approving the 
payment and signing the checks should be segregated. Approved voucher packets (matched 
invoice, purchase order, receiving report, and requisition) prepared by the accounting 
department (accounts payable) are received by the treasurer, who prepares, signs, and mails the 
checks and cancels all supporting documents after payment. Paid vouchers are returned to the 
accounting department for posting of the payment and filing of the documents. 


1.4 


_ PURCHASING 
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Expenditures Flowchart 
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1.5 Testing Controls: Purchases 


Expenditure Cycle 


Department | Control Procedure Sample Test of Control Procedure 
Requisitioner Prepare prenumbered requisition. © Inspect requisitions for proper 
Obtain approvals needed approval 
(authorization). © Observe procedures to account for 
Send original copy to purchasing. prennimbenne: 
Inspect goods when received from 
receiving dept. Sign receiving 
report upon receipt of goods 
(independent check). 
Purchasing Receive approved requisition. © Inspect purchase orders for approved 
sion, 
Contact approved vendors. se aa 
© Observe procedures to account for 
Issued prenumbered purchase ventnaberin 
order (PO): P g 
e — Original to vendor 
© Blind copy to receiving 
© — Copy to A/P 
e File copy 
Receiving Receive goods from vendor. © Inspect receiving report and 


Inspect goods. All shipments 
received must have a PO. 


Prepare receiving report (RR). 


Match details of order received 
with blind copy of PO and indicate 
quantity received. 


Send goods to requisitioning 
department. Obtain signature on 
receiving report that requisitioner 
received goods. 


Distribute receiving report: 
© — Original to A/P 

© — Copy to purchasing 

e File copy 


matching PO. 


© Observe performance of procedures by 
receiving clerk. 


© Inspect receiving report for signed 
receipt (existence). 


© Trace a sample of receiving reports 
(selection made from prenumbered 
documents) to PO, requisition, invoice, 
and entry in the purchase journal and 
A/P master file (completeness). 
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Accounts 1. Receive vendor's invoice. © Inspect vouchers for supporting 
Payable on ae documents and evidence of 
y' 2. Match documents: vendor's invoice, : ‘ 
eae independent checks (existence). 
RR, PO, requisition. 
: Observe and reperform accountin 
3. Check mathematical accuracy, : p 8 
; for numerical sequence of vouchers 
approvals, G/L account coding (completeness) 
(independent check). : 
4 Bens bared ee Vouch a sample of vouchers (selection 
. Tne ree nave ee made from the purchases journal) to 
Account for the numerical sequence all required supporting documents 
of vouchers. (existence). 
6. Data entry: Observe evidence of independent 
® Prepare purchase journal check; reperform (valuation). 
e Update A/P master file 
© — Daily purchase summary 
7. Reconcile daily purchase summary 
totals and daily entries to 
purchases journal. 
Accounting 1. Receive purchase summary. Observe evidence of independent 
check; reperform. 
2. Post to G/L. ai 
; ; Observe evidence of independent 
3. Reconcile G/L and A/P file. sarees 
check; reperform (valuation, existence, 
4. Reconcile vendor's monthly completeness). 
statements and A/P master file 
(independent check). 


Segregation of Duties: 


Authorization: 
Record keeping: 
Custody: 
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Purchasing/requisitioning dept. 


Accounts payable/accounting 


Receiving 
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1.6 Testing Controls: Payables and Cash Disbursements 


Department | Control Procedure Sample Test of Control Procedure 
Accounts 1. Pull voucher at due date and send © Compare debits to accounts payable 
Payable to treasurer for payment. to properly cancelled voucher 
2. Receive cancelled voucher Packages (existence) 
and supporting documents © Trace from cancelled voucher packages 
from treasurer. to cash disbursement journal entries 
3. Receive check summary from Keompletences) 
treasurer for data entry. © Vouch cash disbursement journa 
for d y Vouch cash disb j | 
A. ‘Bats antne entries back to cancelled voucher 
. al packages (existence). 
e — Update A/P master file. 
e Print cash disbursements 
journal. 
Treasurer 1. Receive voucher for payment. © Observe performance of 
2. Review document for completeness INGEPEHEERIECHEEK: 
and approvals. © Observe accounting for sequence 
Prepare prenumbered checks. Keomipletentess): 
A. Peessrechecesumma © Inquire about procedures performed; 
: P ” ry: observe. Select checks for testing and 
Sign checks (authorized signatory) inspect signatures. 
hcl hale and supporting © Observe cancellation of vouchers by 
; check signer. 
Mail check to vendor. © Inquire about procedure. Observe 
7. Forward cancelled voucher/ performance. 
supporting documents to 
Accounts payable. 
8. Send copy of check summary: 
e Accounts payable 
e — Accounting 
Accounting 1. Receive check summary. © Observe procedures of posting 
and performing independent check 
2. Post to G/L. and reperform. 
Be, PERONE TINE pe NESE CEE OF e Inspect bank reconciliation. 
totals per check summary and 
amounts journalized and posted 
by A/P. 
4. Perform periodic independent 
bank reconciliation. 


Segregation of Duties: 


Authorization: 
Record keeping: 
Custody: 


Purchasing/requisitioning dept. 


Accounts payable/accounting 


Receiving (purchased item) and treasurer (cash) 
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2 Performing Specific Procedures to Obtain Evidence: 
The Expenditure Cycle 


2.1 Auditing Accounts Payable 


Ve Pass Key 


For accounts payable, the completeness and accuracy assertions are generally more 
relevant than the existence and rights and obligations assertions, because the risk of 
understatement is greater than the risk of overstatement. 


= Completeness: The auditor should perform the following procedures to ensure 
completeness of accounts payable: 


1. Agree the accounts payable listing to the general ledger. 
2. Obtain a sample of vendor statements and agree to the vendor accounts. 
3. Perform a search for unrecorded liabilities. 


—The auditor should select cash disbursements made subsequent to year-end and 
examine the supporting documentation (e.g., receiving reports, vendor invoices, etc.). 
The auditor looks for items that should have been recorded at the balance sheet 
date, but were not. 


—Note that cash disbursements made subsequent to year-end may be identified by 
reviewing the cash disbursements journal, subsequent bank statements, or the 
voucher register. 


—The auditor should also examine open vouchers, receiving reports, vendors' invoices, 
and statements received for a period after year-end as part of the search for 
unrecorded liabilities. 


= Valuation, Allocation, and Accuracy: The auditor should perform the following procedures: 


1. Obtain the accounts payable listing, foot the listing, and agree the listing to the 
general ledger. 


2. Obtain a sample of vendor statements and agree the amounts to the vendor accounts. 
3. Review the results of accounts payable confirmations (see below). 


= Existence and Occurrence: The auditor should vouch selected amounts from the accounts 
payable listing to the voucher packages. The auditor may also confirm accounts payable. 


e Accounts payable confirmations are not required because strong external evidence to 
support accounts payable is generally available. However, confirmations of accounts 
payable may be sent when the system of internal control is weak, when there are 
disputed amounts, or when monthly vendor statements are not available. Typically, 
vendors with small or zero balances would be selected for confirmation. Note that 
although confirmations are generally used to test existence, the accounts payable 
confirmation is primarily a test of completeness that also provides evidence of existence. 
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e Accounts payable confirmations are similar to those used for accounts receivable. 
Accounts payable confirmations are positive and generally "blank" (i.e., they do not state 
a balance). The objective is to determine whether accounts payable are understated at 
the balance sheet date. 


e The major limitation of accounts payable confirmations is that they may only be sent 
to vendors of record. If a material error were present in accounts payable, it would 
most likely involve unrecorded liabilities; therefore, no record would exist. Although 
accounts payable confirmations may have limitations, evidence of unrecorded liabilities 
eventually will surface when unpaid vendors stop delivering goods. 


Rights and Obligations: The auditor should review a sample of voucher packages for the 
presence of the purchase requisition, purchase order, receiving report, and vendor invoice 
to verify that the accounts payable are owed by the entity. 


2.2 Auditing Purchase Transactions 


The following substantive tests may also be performed as tests of controls or dual-purpose tests. 


Completeness: The auditor should trace a sample of vouchers to the purchase journal. The 
auditor should also account for the prenumbered sequencing of purchase orders, receiving 
reports, and vouchers. 


Cutoff: The auditor should compare dates on a sample of vouchers with the dates the 
transactions were recorded in the purchase journal. The auditor should also examine purchases 
before and after year-end to determine if they were recorded in the proper period. 


Valuation, Allocation, and Accuracy: The auditor should recompute the mathematical 
accuracy of a sample of vendor invoices. 


Existence and Occurrence: The auditor should test a sample of vouchers to confirm proper 
authorization and the presence of the receiving report. 


Understandability of Presentation and Classification: The auditor should verify the 
account Classification of a sample of purchases. 


2.3. Auditing Presentation and Disclosure 


Completeness: The auditor should ensure that all required disclosures related to accounts 
payable and purchases have been included in the notes to the financial statements. 
Required disclosures include: 


e Payables by type (trade, officer/employee, affiliates) and term (short term and long term) 
e Purchase contracts and purchase commitments 

e Related party purchases and payables 

e Expenses by segment 


Valuation, Allocation, and Accuracy: The auditor should read the footnotes and 
other information related to accounts payable and purchases to determine whether the 
information is accurate and presented at the appropriate amounts. 


Rights and Obligations, and Occurrence: The auditor should compare disclosures to other 
audit evidence to ensure that all disclosed information related to accounts payable and 
purchases has occurred. 


Understandability of Presentation and Classification: The auditor should read all 
accounts payable and purchase related disclosures to ensure that they are understandable. 
The auditor should determine whether material long-term payables or nontrade payables 
require separate disclosure. 
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3 Cash Cycle 


1 ‘Fraud Risk Related to the Cash Cycle 


Cash is an area with high fraud risk, especially when the system of internal control is weak. 
Lapping and kiting are two common cash fraud schemes. 
1.1. Lapping 


The theft of cash is often concealed by failing to account for cash receipts. The most common 
of these methods is known as lapping. Lapping occurs when an employee withholds funds 
received by a customer for personal use and fails to apply these receipts of cash or checks to 
the customer's receivable balance. The unrecorded receipt is covered by applying a subsequent 
receipt to the previously unrecorded account. 


Safeguards against lapping include the following: 

Independent comparison of recorded cash receipts with funds actually deposited. 
Separation of incoming receipts from subsidiary accounts receivable remittance advices. 
Comparison of the details of bank deposits and the details of remittance credits. 


Provision of timely statements. 


Confirmation of customer balances. 


One of the best methods to guard against lapping is use of a "lock box" system. In this system, 
customers send their payments directly to the bank, which prevents company employees from 
having access to payments received. A statement is then sent by the bank to the company so the 
cash can be applied in the general ledger to the outstanding receivable balance. 


1.2 Kiting 


Kiting occurs when a check drawn on one bank is deposited in another bank and no record 
is made of the disbursement in the balance of the first bank until after year-end. Kiting may 
be used to cover a cash shortage or to pad a company's cash position. Kiting results in an 
intentional overstatement of cash in the financial statements as the cash is simultaneously 
reflected in two different bank accounts. 


To detect kiting effectively, a bank transfer schedule should be prepared. For any bank-to-bank 
transfers that occur near year-end, the disbursement date on the check and in the ledger for the 
disbursing account should precede the receipt date noted by the bank and in the ledger for the 
receiving account. 


To ensure that kiting has not occurred, evidence should exist that all deposits in transit and 
outstanding checks listed on the bank reconciliation at year-end cleared in the next period. This 
information can be confirmed by using a bank cutoff statement. 


© Becker Professional Education Corporation. All rights reserved. Module 3 A4-21 


Cash Cycle AUD 4 


2 Controls Related to the Cash Cycle 


Segregation of duties is a key control over cash. Proper segregation of duties demands that close 
consideration be given to check-writing authority. Separation of cash handling, record keeping, 
and reconciliation of bank statements should exist, as well as separation of petty cash activities. 
A strong system of internal control for cash would also include the use of a voucher system for 
cash disbursements. 


3 Performing Specific Procedures to Obtain Evidence: 
The Cash Cycle 


3.1 Auditing the Cash Balance 


= Completeness, Valuation and Allocation, Existence: The primary audit procedures 
performed to test the completeness, valuation and allocation, and existence of the ending 
cash balance are the bank confirmation and the audit of the year-end bank reconciliation. 


. 2 . 7 
Bank Confirmation: STANDARD FORM TO CONFIRM ACCOUNT 


The standard bank BALANCE INFORMATION WITH FINANCIAL INSTITUTIONS 
confirmation should be Sa 

sent to all banks with CUSTOMER NAME 
which the client has ° ” 

done business during Financial 

the year, regardless Nema and 

of whether there is cherie hit 

a year-end balance 1. At the close of business on the date listed above, our records indicated the following deposit balance(s): 

to confirm. This is ACCOUNT NAME ACCOUNT NO. INTEREST RATE BALANCE* 


done because the 
bank confirmation, in 
a d d i ti on to ve rifyi n g 2. We were directly liable to the financial institution for loans at the close of business on the date listed above as follows: 


year-end balances, DESCRIPTION OF COUATERAL 
about actual loans, 

contingent liabilities, 
discounted notes, (Customers Authored Signature) a 


p le dged (ae) | | ate fa | an d The information presented above by the customer is in agreement with our records. Although we have not conducted a comprehensive, detailed search 
if . of our records, no other deposit or loan accounts have come to our attention except as noted below. 
guarantee or security 


agreements. A sample TBinancal nstution Authorized Signature) 
bank confirmation is _ 
shown here. EACEPTIONS AND/OR COMMENTS 


Please return this form directly to our accountants: [ 


[ 


* Ordinarily, balances are intentionally left blank if they are not available at the time the form is prepared. 


Approved 1990 by American Bankers Association, American Institute of Certified Public Accountants, and Bank Administration 04515951 
Institute. Additional forms available from: AICPA — Order Department, P.O. Box 1003, NY, NY 10108-1003 
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e Bank Reconciliation: The year-end bank reconciliation for every account should be 
tested by: 


1. Footing the bank reconciliation and the list of outstanding checks. 


2. Agreeing the balance per the books on the year-end bank reconciliation to the 
general ledger. 


3. Agreeing the balance per the bank on the year-end bank reconciliation to the 
balance per the bank confirmation. 


4. Agreeing deposits in transit and outstanding checks to the cutoff bank statement. 
The cutoff bank statement is obtained by the auditor from the bank and covers the 
first 10 to 15 days of the period after year-end. Reconciling items should generally 
clear during the 10- to 15-day period. Any item that does not clear should be 
investigated by the auditor and resolved with the client if necessary. 


3.2 Auditing Cash Receipts and Cash Disbursements 


The following tests of details are generally performed as dual-purpose tests. 


= Completeness: For cash receipts, the auditor should trace a sample of remittance advices 
to the cash receipts journal and deposit slips. For cash disbursements, the auditor should 
trace a sample of canceled checks to the cash disbursements journal. 


= Cutoff: The auditor should verify the cutoff of cash receipts and cash disbursements 
shortly before and after year-end for recording in the proper period. The auditor should 
also compare the dates for recording a sample of cash receipts with the dates the cash was 
deposited in the bank, and the dates for recording a sample of checks with the dates the 
checks cleared the bank, noting any significant delays. 


= Valuation, Allocation, and Accuracy: For cash receipts, from a sample of daily deposits, 
the auditor should foot the remittance advices and entries on the deposit slip and agree to 
the cash receipts journal and bank statement. For cash disbursements, from a sample of 
voucher packages, the auditor should agree the purchase order, receiving report, invoice, 
cancelled check, and disbursement journal. 


=m Existence and Occurrence: For cash receipts, the auditor should vouch a sample of entries 
in the cash receipts journal to remittance advices, deposit slips, and the bank statement. 
For cash disbursements, the auditor should vouch a sample of entries from the cash 
disbursements journal to canceled checks, the voucher package, and the bank statement. 


= Understandability of Presentation and Classification: The auditor should examine a 
sample of remittance advices and canceled checks for recording in the proper account. 


3.3. Auditing Presentation and Disclosure 


= Completeness: The auditor should ensure that all required disclosures related to cash 
have been included in the notes to the financial statements. Required disclosures related to 
cash include: 


e — Policy defining cash and cash equivalents. 
e — Restrictions on cash, including sinking fund requirements. 


e Compensating balance requirements. 
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Valuation, Allocation, and Accuracy: The auditor should read the footnotes and other 
information related to cash to determine whether the information is accurate and 
presented at the appropriate amounts. 


Rights and Obligations, and Occurrence: The auditor should compare disclosures to other 
audit evidence to ensure that all disclosed information related to cash has occurred. 


Understandability of Presentation and Classification: The auditor should read all cash- 
related disclosures to ensure that they are understandable. 
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1 Controls Related to the Inventory Cycle 


Controls over inventory purchases and sales were covered in the sections on the revenue cycle 
and the expenditure cycle. For inventory held by the entity, a proper system of internal control 
includes adequate safeguarding of inventory and proper segregation of duties. 


The following duties should be segregated: 


1. Purchasing 


Serially numbered, properly approved purchase orders should be prepared and issued to 
the accounting and receiving departments. 


2. Receiving 


The receiving department is solely responsible for the receipt of goods. This department is 
responsible for verification of quantities received, detection of damaged goods, preparation 
of a receiving report, and delivery of goods received to the warehouse department. The 
receiving department should receive a copy of the purchase order that does not indicate the 
quantity ordered so the receiving department is forced to count the goods upon arrival. 


3. Warehouse 
The warehouse department acts as custodian for the verified quantity of goods received. 
4. Shipping 


The shipping department is responsible for shipment of goods after authorization (in the 
form of an approved sales order from the credit department). 


2 Performing Specific Procedures to Obtain Evidence: 
The Inventory Cycle 


2.1 Auditing the Inventory Balance 


The observation of the beginning and ending physical inventory counts is a required generally 
accepted auditing procedure. Attendance by the auditor at the physical inventory count involves 
the following dual-purpose tests: 


1. evaluating management's instructions and procedures for the inventory count; 
2. observing the performance of management's count procedures; 

3. inspecting the inventory to ascertain its existence and condition; and 

4. performing test counts. 


An auditor who is not present to observe the physical inventory must use alternative procedures 
to justify any opinion expressed. This is acceptable when it is impractical or impossible to 
observe physical inventory, or when inventories are not material. 
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If the company maintains a well-kept perpetual inventory system and performs physical cycle 
counts throughout the year to ensure accuracy, the auditor may observe the inventory before 
or after year-end if necessary. If inventory counting is done at a date other than the date of the 
financial statements, the auditor should obtain evidence about whether changes in inventory 
between the count date and the financial statement date are recorded properly. If the assessed 
level of control risk is high, the observation procedures should be performed at year-end. 


The auditor should observe the physical inventory count of goods held off-site in public 
warehouses or on consignment if the inventory held therein is significant; otherwise, 
confirmation of such inventory is sufficient. 


2 Pass Key 


Candidates sometimes believe that "inventory observation" implies that the auditor counts 
the client's inventory. This is not the case—the client counts the inventory, and the auditor 
simply observes. The auditor may make test counts of certain items, but generally the 
auditor would not count the client's entire inventory. 


Auditing the Inventory Cycle 


Company 
Inventory 


Company 


Prenumbered 
inventory tags 
Accuracy 
tM 


= 


= Completeness: In conjunction with the inventory observation, the auditor should test 
the physical inventory report by tracing test counts to the report, thereby verifying its 
completeness. The auditor should also select from a sample of prenumbered inventory tags 
and trace to the physical inventory report sheets to test their completeness. 


= Valuation, Allocation, and Accuracy: The auditor should perform the following procedures: 


1. Test the mathematical accuracy of the inventory report and reconcile it to the general 
ledger inventory accounts. 


2. Inquire about obsolete or damaged goods, scan the perpetual records for slow-moving 
items, and be alert during the inventory observation for damaged goods or signs of 
obsolescence. 


3. Examine vendor invoices, review direct labor rates, test the computation of standard 
overhead rates, and examine standard cost variance analyses. These prices and rates 
can then be applied to a sample of inventory items to determine whether the inventory 
is valued appropriately. 


A4-26 Module 4 © Becker Professional Education Corporation. All rights reserved. 


AUD 4 Inventory Cycle 


Existence and Occurrence: The primary purpose of the observation of the client's 
inventory count is to establish the existence of inventory. During the observation, the 
auditor should verify the existence of a sample of items in the physical inventory report by 
locating and performing test counts of the items. The auditor should also test the existence 
of the items on the client's inventory report sheets by vouching a sample of items from the 
inventory report sheet to the corresponding prenumbered inventory tags. 


Rights and Obligations: The auditor should ascertain that consigned inventory on hand 

is excluded from the physical inventory count, whereas consigned goods in the hands of 
consignees are included in inventory balances. The auditor should also confirm that any 
inventory held off-site is properly accounted for at year-end. In addition, inventory in transit 
at year-end should be properly accounted for based on shipping terms. 


2.2 Auditing Inventory Transactions 


Inventory sales and purchases should be audited as part of the audits of the revenue cycle and 
the expenditure cycle. 


2.3 Auditing Presentation and Disclosure 


Completeness: The auditor should ensure that all required disclosures related to inventory 
have been included in the notes to the financial statements. Inventory disclosures include: 


e Cost method (LIFO, FIFO, weighted average) and valuation method (net realizable value 
or lower of cost or market). 


e Raw materials, work-in-process, and finished goods inventory balances. 

e Consigned inventory. 

e  Pledged or assigned inventory. 

e Significant losses from inventory write-downs or purchase commitments. 
e Warranty obligations. 


Valuation, Allocation, and Accuracy: The auditor should read the footnotes and other 
information related to inventory to determine whether the information is accurate and 
presented at the appropriate amounts. 


Rights and Obligations, and Occurrence: The auditor should determine that inventory- 
related obligations have been properly disclosed by inquiring of management and reviewing 
loan agreements and minutes for evidence that inventory has been pledged or assigned. 
The auditor should also inquire about warranty obligations. The auditor should compare 
disclosures to other audit evidence to ensure that all disclosed information related to 
inventory has occurred. 


Understandability of Presentation and Classification: The auditor should read all 
inventory-related disclosures to ensure that they are understandable. The auditor should 
review inventory records for proper classification between raw materials, work in process, 
and finished goods. 
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1 Controls Related to the Investment Cycle 


Controls over investments require strong segregation of the following duties: 


= Authorization of Purchase or Sale of Investments: Ideally, the board of directors should 
authorize the purchase or sale of investments. 


= Custody of Investments: An independent, third-party custodian is recommended but, at 
minimum, custody should take the form of joint control by two company officials with the 
investments kept in a safe-deposit box. If held by the company, the investments should be 
periodically counted and reconciled with the investment subsidiary ledger by a party not 
associated with the investments. 


= Record Keeping: A separate party from those mentioned above must keep detailed records 
of the investments. 


Controls should also exist regarding processing and fair value measurement. The initial 
classification of investments as trading, available-for-sale, or held to maturity significantly 
impacts subsequent reporting. Controls surrounding fair value estimates, whether inside the 
company or outside the company (should a third party be used to assess fair value), also must 
be understood. 


2 Performing Specific Procedures to Obtain Evidence: 
The Investment Cycle 


Sufficient audit evidence must be obtained by the auditor for investments which may be in the 
form of debt and equity investments, and loan and advance accounts. 


Substantive tests of details related to the investment cycle generally focus on the ending balance 
in the investment accounts and presentation and disclosure. Analytical procedures are used to 
test the reasonableness of related gains and losses and investment income. 


2.1 Auditing the Investment Balance 


= Completeness: The auditor should obtain evidence of completeness of the ending 
investment balance through the following procedures: 


1. If the entity has a high volume of material investment transactions, the auditor should 
search for unrecorded purchases of securities by examining transactions for a few days 
after year-end. 


2. The auditor should confirm securities held by the third-party custodian or count 
securities on hand to determine that all securities have been recorded, although these 
are primarily tests of existence. 
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= Valuation and Allocation: The auditor should perform the following procedures: 


1. Obtain and foot a listing of investments by category (trading, available-for-sale, held- 
to-maturity, and equity method) and agree the totals to the general ledger. 


2. Review the schedule of investment activity and obtain evidence of any additions and 
subtractions that occurred during the year. 


3. Obtain evidence corroborating the quoted year-end fair value by comparing assigned 
values to prices published by various sources (exchanges registered with the SEC or 
other reliable sources of financial information) or obtained from a third party, such as 
an independent broker-dealer or appraiser. 


4. Recalculate the ending values of investments not reported at fair value. Investments 
classified as held-to-maturity should be valued at amortized cost at year-end. 
Investments in another entity where significant influence exists and ownership is 
between 20 percent and 50 percent should be accounted for using the equity method. 


5. Determine whether there has been any permanent impairment in the value of 
individual securities. 


6. Assess the reasonableness and appropriateness of assumptions, market variables, and 
valuation models, and of any decline in fair value. 


= Existence: The two primary tests of existence of investments are confirmations of securities 
held by third parties and examination of securities on hand. A third test of existence is 
analytical procedures over interest earned. 


1. Confirmations should be requested from the custodian for securities that are in the 
possession of third parties. It is also advisable to send confirmations to the broker- 
dealer and to counterparties concerning any unsettled transactions. 


2. An examination of the securities on hand should be made to coincide with the 
examinations of other liquid assets, such as cash. This procedure prevents the 
concealment of theft by making it impossible for one asset to serve as a substitute for 
another (e.g., to conceal a stolen asset). The face of the instrument should be examined 
to determine if ownership is correctly recorded. The auditor should record the details 
of the security count on a worksheet, which should also include an acknowledgement 
by the client that the securities were returned intact. If a safe-deposit box is used, 
the securities should be counted on the balance sheet date, or the bank should 
be requested to seal the box until the count is later completed. 


3. Thereis an expectation that interest earned on an investment in a debt security will 
agree to the effective interest rate when the security was purchased. The auditor may 
perform analytical procedures to obtain evidence that the interest earned does not 
materially differ from the expectation as evidence of existence of the security. 


= Rights and Obligations: The confirmation of securities and the count of securities on hand 
provide evidence of the entity's ownership of investments. Additionally, the auditor may 
examine broker's advices for a sample of securities purchased during the year to verify the 
entity's ownership. 


2.2 Auditing Investment Transactions 


= Completeness: The auditor should perform analytical procedures testing the 
reasonableness of dividend and interest income to determine that all investment income 
has been recorded. 


= Cutoff: A cutoff review should be performed to ensure that purchases, sales, and 
investment income were recorded in the proper period. 
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= Valuation, Allocation, and Accuracy: Independent calculations should be made to 
determine the validity of recorded gains or losses from security sales and of discount 
and premium amortization. In addition, a recalculation should be made to determine the 
accuracy of recorded dividend and interest income. Investment income from dividends 
may be recalculated by comparing recorded income with dividend records produced by 
investment advisory services such as Moody's. 


=m Existence and Occurrence: The analytical procedures performed to test the 
reasonableness of dividend and interest income provide evidence of the existence of 
investment income. 


= Understandability of Presentation and Classification: The auditor should examine a 
sample of investment transactions to determine that the transactions were recorded in 
the proper accounts. For example, unrealized gains and losses on available-for-sale debt 
securities should be recorded in other comprehensive income, and unrealized gains and 
losses on equity investments and debt investments classified as trading securities should be 
recorded in earnings. 


2.3. Auditing Presentation and Disclosure 


= Completeness: The auditor should ensure that all required disclosures related to 
investments have been included in the notes to the financial statements. 


= Valuation, Allocation, and Accuracy: The auditor should read the footnotes and other 
information related to investments to determine whether the information is accurate and 
presented at the appropriate amounts. 


= Rights and Obligations, and Occurrence: The auditor should inquire of management and 
review loan agreements, minutes, and other documents to determine whether investments 
have been pledged as collateral. The auditor should compare disclosures to other audit 
evidence to ensure that all disclosed information related to investments has occurred. 


= Understandability of Presentation and Classification: The auditor should read required 
disclosures for understandability, and review and evaluate the methods used to account for, 
classify, and value securities. 


3 Auditing Particular Types of Investments 


3.1 Marketable Securities 


Equity securities and debt securities classified as trading or available-for-sale over which the 
investor has no significant influence should be carried at fair value, and classification of Level 1, 
2, or 3 should be disclosed in the footnotes. Held-to-maturity debt securities should be carried at 
amortized cost. 


Equity investments and debt investments classified as trading securities are always reported 
as current assets with unrealized gains and losses reported in net income. Available-for-sale 
debt securities and held-to-maturity debt securities are reported as current or long-term based 
on management's intent to hold versus sell. Unrealized gains and losses on available-for-sale 
securities are reported in other comprehensive income. 


The auditor should inquire of management and obtain written representation concerning 
management's intent and ability with respect to holding versus selling securities in the near term. 
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3.2. Investments in Securities When Valuations Are Based on 
the Investee's Financial Results 


When investments in securities are valued based on an investee's financial statements 
(excluding equity method investments), the auditor should perform the following procedures to 
obtain audit evidence regarding the investee's financial results: 


1. Obtain and read the financial statements and audit report of the investee. 


2. If the financial statements are not audited or the audit report is not satisfactory, request 
that the entity arrange with the investee to have the financial statements audited. 


3. If the carrying amount of the investment reflects factors that are not recognized in the 
investee's financial statements or fair values that are materially different from the investee's 
carrying amounts, obtain sufficient appropriate evidence regarding such amounts. 


4. lf the difference between the financial statement periods of the entity and the investee could 
have a material effect on the entity's financial statements, determine whether management has 
considered the lack of comparability and determine the effect, if any, on the auditor's report. 


4 Investments Measured at Fair Value 


4.1 Measuring Fair Value 


Certain financial assets and liabilities, such as marketable securities are presented or disclosed 
at fair value in the financial statements. 


Fair value is defined as the amount at which an asset could be sold (or the amount at which a 
liability could be settled) in a current transaction between willing parties at the measurement 
date. A three-level hierarchy is used to measure fair value. 


=m Level 1: Observable quoted prices in active markets for identical assets or liabilities. 


Quoted prices from national exchanges or over-the-counter markets are available from 
national publications and the exchanges, and generally are considered to provide sufficient 
evidence of the fair value of the derivatives and securities. If a quoted market price is 
available, this should be the method used to determine the fair value of the investment. 


m= Level 2: Observable inputs other than quoted market prices for identical assets or liabilities. 


When quoted prices for identical assets or liabilities are not available, the next consideration 
is whether there are other directly or indirectly observable inputs. The most common of 
these observable inputs are quoted prices for similar assets or liabilities in active markets 
and quoted prices for identical or similar assets in markets that are not active. 


=m Level 3: Unobservable inputs using estimates and valuation methods, such as discounted 
cash flow, determined based on management's judgments. 


If quoted prices are not available, estimates of fair value may be available from broker- 
dealers or other third-party sources based on proprietary valuation models or from the 
entity based on an internal valuation model. The auditor should ensure that the pricing 
source does not have a relationship that would impair objectivity in determining fair value. 
The auditor should also consider obtaining further estimates if subjective information was 
used in the valuation process. 
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Fair value measurements may arise from both the initial recording of a transaction and later 
changes in value. Changes in fair value measurement may be treated in different ways under 
GAAP (e.g., included in net income, reflected in other comprehensive income and equity, etc.). 


4.2 Management's Responsibility 


Management is responsible for making fair value measurements and disclosures in accordance 
with GAAP. 


When a Level 3 valuation is used to estimate fair value, an appropriate valuation method should 
be used. The method should incorporate assumptions that a market participant would use. 
These assumptions must be identified and supported in the fair value disclosures included in the 
financial statements. 


4.3 Auditor's Responsibilities 


Fair value measurements are a type of accounting estimate and all audit requirements related 
to accounting estimates apply to fair value measurements. The auditor should obtain sufficient 
appropriate audit evidence to provide reasonable assurance that fair value measurements and 
disclosures are in conformity with GAAP. The auditor should: 


= Understand the entity's process for determining fair value measurements and disclosures 
and the applicable financial reporting framework. 


=m Understand identified controls. 
=m Separately assess the inherent risk and control risk related to the fair value measurement. 


= Evaluate whether the methods, data, and assumptions used are reasonable and in 
conformity with GAAP. 


Consider the need for a specialist. 
Evaluate the fair value measurement for indicators of potential management bias. 
Evaluate whether fair value measurements disclosures are in conformity with GAAP. 


Evaluate the sufficiency and appropriateness of evidence obtained. 


Obtain relevant management representations (e.g., relating to the reasonableness of 
methods, data, and assumptions used; management's intent and ability to carry out 
planned courses of action; completeness and adequacy of disclosure; the effect of 
subsequent events, etc.). 


= Communicate relevant matters to those charged with governance (e.g., matters related to 
the auditor's view on the appropriateness of the accounting policies related to fair value 
measurements). 


The auditor bases his or her evaluation on information available at the time of the audit, and 
is not responsible for predicting future conditions that, if known at the time of the audit, might 
have affected fair value measurements and disclosures. 
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4.4 Testing Fair Value Measurements and Disclosures 


In testing an entity's fair value measurements and disclosures, the auditor may: 
= Verify quoted market prices. 


= Determine whether management's significant assumptions provide a reasonable basis for 
fair value measurements, including understanding any changes from the prior period. 


= Consider management's intent and ability to carry out courses of action that may affect 
fair values. 


= Determine whether modifications made to observable information reflect assumptions that 
market participants would use when pricing the instrument. 


= Evaluate whether the valuation model is appropriate given the entity's circumstances and 
the applicable financial reporting framework. 


=m Test the underlying data for relevance, reliability, and susceptibility to management bias. 
= Develop an auditor's point estimate or range. 


=m Review subsequent events and transactions (occurring before the date of the auditor's 
report) for evidence regarding fair value measurements at the balance sheet date. 


= Consider the use of a specialist. If a specialist is used, the auditor must understand the 
methods used to determine fair values. 


4.5 Using Pricing Information From Third Parties as Evidence 


Auditors may obtain evidence about the fair value of instruments by obtaining pricing 
information from organizations that routinely provide uniform pricing information to users 
("pricing services") or broker-dealers. 


4.5.1 Pricing Services 


The reliability of pricing information depends on the nature and source of the evidence and 
the circumstances under which it is obtained. Reliability of pricing services is affected by the 
experience and expertise of the pricing service, methodology used, and whether the pricing 
service has a relationship with the entity. 


Relevance of pricing information refers to its relationship with the assertion or the objective of 
the control being tested. Relevance of pricing information is affected by the basis of fair value 
measurement (i.e., based on identical, similar, or no recent transactions). When the fair value 
measurement is based on an identical instrument, this provides more persuasive evidence than 
if the instrument has no recent transactions and is based on assumptions of the pricing service. 


When using information from multiple pricing services, less information is needed about the 
particular methods and inputs used by the individual pricing services. 


4.5.2 Broker-Dealers 


When a fair value measurement is based on a quote from a broker or dealer, the relevance and 
reliability is based on whether the broker or dealer is a market maker for similar instruments 
(i.e., creates a market to help facilitate buying or selling of instrument); whether the broker or 
dealer has a relationship with the entity; whether the quote reflects current market conditions 
as of the financial statement date; whether the quote is binding on the broker or dealer; and 
whether there are limitations in the quote. Broker quotes generally provide more relevant and 
reliable evidence when they are timely, binding quotes, without any restrictions, limitations, 

or disclaimers, from unaffiliated market makers transacting in the same type of financial 
instrument. 
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4.6 Impairment Indications 


Regardless of the valuation method used, an impairment loss resulting from a decline in fair 
value that is other than temporary may need to be recorded. If an impairment loss has been 
recorded, the auditor should evaluate management's basis for the decision. If an impairment 
loss has not been recorded the auditor should consider whether the following situations exist 
that could indicate the need for an impairment loss: 


= Fair value is significantly below cost and: 


e The decline is attributable to adverse conditions specifically related to the security or to 
specific conditions in an industry or in a geographic area. 


e The decline has existed for an extended period of time. 


e Management does not possess both the intent and the ability to hold the security for a 
period of time sufficient to allow for any anticipated recovery in fair value. 


m The security has been downgraded by a rating agency. 
= The financial condition of the issuer has deteriorated. 


= Dividends have been reduced or eliminated, or scheduled interest payments have not 
been made. 


=m The entity recorded losses from the security subsequent to the end of the reporting period. 
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Other Transaction 
Cycles 


1 ‘Property, Plant, and Equipment Cycle 


Property, plant, and equipment (PP&E) includes all tangible assets with service lives greater than 
one year that are used in the operation of a business and are not acquired for resale. The major 
transactions associated with these assets are purchases, repairs and maintenance, depreciation, 
disposal, and leasing. 


1.1 Controls Related to the PP&E Cycle 


The system of internal control for property, plant, and equipment includes the controls in both 
the revenue and expenditure cycles as well as the following special controls: 


= Acquisition: A special requisition form is generated for acquisitions. This form includes 
a description, reason for acquisition, amount to be charged, and probable cost, and it 
should be approved by top management. Acquisitions are tied to the capital budget, which 
the board of directors usually approves. Variances from this budget should be promptly 
investigated. The board of directors should also approve acquisitions of assets over 
a certain amount, regardless of whether these assets are purchased or constructed. 


The auditor should ascertain that company policy was followed and that fixed asset 
purchases were properly authorized. 


= Subsidiary Ledgers: Detailed information concerning each asset is kept in the subsidiary 
ledger. Usually information including the asset's description, identification number, location, 
acquisition date, cost, depreciation method, and amount of depreciation can be found in 
this ledger. 


= Physical Security: Fixed assets should have identification plates. The serial number on the 
plate should be listed in the control account. Physical controls to safeguard assets from 
theft, destruction, or unauthorized disposition should also be in place, including periodic 
physical inspection of plant and equipment. 


Comparison of the serial number on the identification plate to that listed in the control 
account should be made. The auditor should also determine whether there are appropriate 
controls in place to safeguard fixed assets and prevent theft or destruction. 


= Written Policies: Written depreciation policies and records should be maintained. 
Specific capitalization policies are also necessary to prevent misstatement of revenues 
and expenses. 


= Disposition: Retirements of assets should be documented on a sequentially numbered 
work order containing evidence of proper authorization and the reason for retirement. 
This asset retirement order form is the basis for recording any cash received and for 
removing the asset and its accumulated depreciation from the subsidiary ledger. There 
should be a proper segregation of duties between authorization and custody (e.g., those 
who authorize a disposal should not be permitted to actually dispose of the asset). 
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1.2 Performing Specific Procedures to Obtain Audit Evidence: 
Property, Plant, and Equipment 


1.2.1 Auditing the Property, Plant, and Equipment Balance 


= Completeness: The auditor should obtain and foot the fixed asset schedule and agree the 
total to the general ledger, obtain and foot a schedule of additions and dispositions of fixed 
assets and agree amounts to the fixed asset schedule, and select a sample of actual fixed 
assets and trace to the fixed asset subsidiary ledger. 


= Valuation and Allocation: The auditor should recalculate accumulated depreciation for 
reasonableness. The auditor should also evaluate fixed assets for impairment by examining 
the entity's documented impairment analysis, identifying circumstances that could indicate 
that the book value of fixed assets is not recoverable, and reperforming the entity's 
impairment analysis to determine whether recorded impairment losses are reasonable. If the 
entity uses IFRS, the auditor should verify the reasonableness of any fixed asset revaluations. 


=m Existence: The auditor should vouch additions to the fixed asset accounts by examining 
internal documents (such as the asset requisition form), by examining external evidence 
(such as invoices), and by inspecting the actual asset. The auditor should also consider 
selecting older fixed assets from the subsidiary ledgers and then locating those assets, as a 
means of testing for unrecorded retirements. 


= Rights and Obligations: The auditor should examine invoices, deeds, and title documents 
to confirm ownership of fixed assets. 


1.2.2 Auditing Property, Plant, and Equipment Transactions 
The following tests of details can be performed as dual-purpose tests. 


= Completeness: The auditor should trace a sample of fixed asset purchase requisitions 
to receiving reports and the fixed asset subsidiary ledger. The auditor should also review 
the related repair and maintenance expense accounts to test for completeness of asset 
additions. The auditor is looking for items recorded as repairs that should have been 
capitalized. The auditor also should review lease and rental agreements to ensure that 
finance leases are properly recorded and that operating leases are excluded. 


L Pass Key 


The examiners sometimes try to trick candidates with questions about the repairs and 
maintenance account. Keep in mind that the auditor often reviews this account in order to 
locate items that should have been capitalized. 


= Cutoff: The auditor should review fixed asset purchases and dispositions from shortly 
before and after year-end for recording in the proper period. 


= Valuation, Allocation, and Accuracy: Depreciation expense should be recalculated 
for reasonableness and conformity with GAAP. Gains and losses and the removal 
of accumulated depreciation for fixed assets sold or retired should be tested for 
reasonableness. 
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Existence and Occurrence: The auditor should vouch a sample of purchases to the 
receiving report and vendor invoice and a sample of dispositions to the asset retirement 
form and other supporting documentation. 


Understandability of Presentation and Classification: The auditor should examine a 
sample of significant charges to repairs and maintenance expense for items that should 
have been capitalized (also a completeness test) and should review lease transactions for 
proper classification as operating or finance. 


1.2.3 Auditing Presentation and Disclosure 


2 


2:1 


Completeness: The auditor should ensure that all required disclosures related to 
fixed assets have been included in the notes to the financial statements. Required 
disclosures include: 


e Depreciation methods and useful lives. 

e Depreciation expense for the period. 

e Balance of each class of capital assets by nature or function. 
e Accumulated depreciation allowances by class or in total. 

e Liens and mortgages. 

e Finance and operating lease information. 


Valuation, Allocation, and Accuracy: The auditor should read the footnotes and other 
information related to fixed assets to determine whether the information is accurate and 
presented at the appropriate amounts. 


Rights and Obligations, and Occurrence: The auditor should inquire of management and 
review loan agreements, minutes, and other documents to determine whether fixed assets 
have been pledged as collateral. The auditor should compare disclosures with other audit 
evidence to ensure that all disclosed information related to fixed assets has occurred. 


Understandability of Presentation and Classification: The auditor should also read 
required disclosures for understandability. 


Payroll and Personnel Cycle 


Controls Related to the Payroll and Personnel Cycle 


The most significant payroll and personnel cycle risks are the creation of fictitious employees 
and the falsification of hours worked. 


2.1.1 Service Organizations 


Many entities use service organizations to process payroll transactions. The service 
organization's services are considered to be part of a user entity's information system when 
those services affect the initiation, execution, processing, or reporting of the user company's 
transactions. In such cases, the controls placed in operation by the service organization are 
considered to be part of the user organization's information system. 
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2.1.2 Segregation of Duties 


Even when a service organization is used, there should be a proper segregation of duties, as follows: 


= Authorization to Employ and Pay: It is the function of the human resources department 
to hire new employees (on the basis of requisitions from user departments) and to maintain 
the personnel records containing hire date, department, salary, and position. 


= Supervision: All pay base data (hours, absences, time off, etc.) should be approved by an 
employee's immediate supervisor. 


= Timekeeping and Cost Accounting: Data on which pay is based, such as hours worked or 
jobs completed, should be accumulated independent of any other function. 


Where there are employees who are paid by the hour, it is advisable to use time clocks. Each 
department supervisor should compare the job time tickets with employee clock cards that 
have been signed by the employee. Salaried employees do not usually complete time sheets, 
although they may be required to submit reports for vacation, sick leave, and overtime. 


= Payroll Check Preparation: The payroll department computes salary based on information 
received; for example, total hours worked for hourly employees. If a service organization 
is not used, this department is responsible for issuing the unsigned payroll checks that are 
later signed by the treasurer or the CFO. If a check signature plate is used to sign the payroll 
checks, the treasurer or CFO should supervise this process. There should be controls over 
access to blank checks and check signature plates. 


ve Pass Key 


Remember that the payroll department is a record-keeping department, not a custodial 
department. Although employees in this department compute salaries, create the payroll 
register, and prepare unsigned checks, they should have neither the authority to initiate 
changes in hours or rates, nor the ability to sign checks. 


= Check Distribution: In many companies, payroll checks are deposited directly into 
employees’ bank accounts. If paychecks are manually distributed, then the payroll checks 
should be distributed by a person who has no other payroll function. In larger corporations, 
this individual is often referred to as the paymaster. 


Employees should be required to show some form of identification before receiving their 
paychecks. Unclaimed payroll checks should be investigated by an independent party. 


The internal auditing department periodically compares the personnel files with the payroll 
files. This is to help ensure that only authorized payments have been made in the proper 
amounts to appropriate personnel. 


2.1.3 Evaluating the System of Internal Control 


The auditor should evaluate whether controls provide reasonable assurance that only valid 
employees are being paid, that payment is for the actual hours worked, and that the correct rate 
of pay is used. The following procedures should be performed: 


=m Observe segregation of duties between human resource responsibilities and payroll distribution. 


= Compare the personnel records for each department with the actual time cards and the 
employees actually working in each department. 
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= Observe payroll distribution on an unannounced basis to ensure that all personnel being 
paid are actually employed by the company. 


Observe the use of time clocks and investigate time cards not used. 
=m Test transfers and underlying employee authorizations if direct deposit is used. 


= Test general and application controls to ensure that payroll transactions are valid, properly 
authorized, and completely and accurately recorded. For example, hours worked should be 
compared to predetermined minimums and maximums (a range test), or to prior periods (a 
reasonableness test). 


= Test to ensure that only employees existing in the computer data files are accepted 
when entered. 


2.2 Performing Specific Procedures to Obtain Evidence: 
The Payroll and Personnel Cycle 


2.2.1 Auditing the Payroll Accrual 


When the system of internal control over payroll is effective, the auditor generally focuses 
substantive procedures on analytical procedures and the recalculation of payroll accruals (valuation 
assertion). Tests related to completeness, existence, and rights and obligations are generally 
performed only when the entity's system of internal control over payroll cannot be relied upon. 


= Completeness: The auditor should test the completeness of the payroll accrual when 
performing the search for unrecorded liabilities. 


= Valuation and Allocation: The auditor should recalculate any year-end payroll accrual and 
compare the calculated amount to the reported accrual. 


=m Existence: The auditor should vouch amounts from the client's calculation of the payroll 
accrual to supporting documentation. 


= Rights and Obligations: The auditor should examine supporting documentation to verify 
that the payroll accrual is an obligation of the entity. 


2.2.2 Auditing Payroll Transactions 
The following tests of details can be performed as dual-purpose tests. 
= Completeness: The auditor should trace a sample of time cards to the payroll register. 


= Cutoff: The auditor should examine a sample of time cards from before and after year-end 
and compare with the payroll report to determine whether the transactions were recorded 
in the proper period. 


= Valuation, Allocation, and Accuracy: The auditor should test the accuracy and valuation of 
payroll expense by performing the following procedures: 


e Compare total recorded payroll with total payroll checks issued. 

e Test extensions and footings of payroll. 

e Verify pay rates and payroll deductions with employee records from personnel. 
e Recalculate gross and net pay on a test basis. 

e Compare payroll costs with standards or budgets. 


e Recompute the mathematical accuracy of a sample of paychecks. 
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= Existence and Occurrence: The auditor should vouch time on payroll summaries by 
selecting a sample of payroll register entries and comparing with time cards and approved 
time reports. From a sample of payroll transactions, the auditor should find the related 
employee to verify existence and current employment status. 


= Understandability of Presentation and Classification: The auditor should examine a 
sample of paychecks for classification into the proper expense accounts. 
2.2.3 Auditing Presentation and Disclosure 


= Completeness: The auditor should ensure that all required disclosures related to payroll 
have been included in the notes to the financial statements. Required disclosures include: 


e Pension and postretirement benefit disclosures 
e  Stock-based compensation disclosures 
e Deferred compensation and profit-sharing plans 


= Valuation, Allocation, and Accuracy: The auditor should read the footnotes and other 
information related to payroll to determine whether the information is accurate and 
presented at the appropriate amounts. 


= Rights and Obligations, and Occurrence: The auditor should inquire about accruals 
for proper disclosure. The auditor should compare disclosures to other audit evidence to 
ensure that all disclosed information related to payroll has occurred. 


= Understandability of Presentation and Classification: The auditor should read required 
disclosures for understandability. 


3. Financing Cycle 


The financing cycle includes an entity's debt and equity. 
3.1 Controls Related to the Financing Cycle 


3.1.1 Controls Over Debt 

An entity's system of internal control over debt should include the following: 

=m Adequate documentation of all financing agreements. 

= Authorization of new debt financing by the board of directors or management. 


= Detailed records of long-term debt and periodic independent verification of amounts 
between the ledger, details of debt, and the note holders' records. 


= Adequate controls over interest and principal payments and the recording of bond premium 
and discount amortization amounts. 


3.1.2 Controls Over Equity 


All stock issuances, dividend declarations, and treasury stock purchases must be authorized 
by the board of directors. Evidence of these events should be duly recorded in the minutes of 
board meetings. 


Many large entities use a stock transfer agent, who ensures that stock issuances comply with the 
articles of incorporation, prepares stock certificates, and maintains records of shares authorized, 
issued, and outstanding. If a stock transfer agent is not used, then the entity should implement 
the following controls: 
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= An officer of the entity should be responsible for ensuring that stock transactions comply 
with the articles of incorporation and regulatory requirements and should maintain the 
stock certificate book. To ensure proper segregation of duties, the individual who maintains 
the stock certificate book should have no accounting responsibilities. 


=m There should be a periodic independent reconciliation of the stock certificate book with the 
number of shares outstanding. 


3.2 Performing Specific Procedures to Obtain Evidence: 
The Financing Cycle 


3.2.1 Auditing the Debt Balance 


= Completeness: The auditor should review board minutes for evidence of new debt, obtain 
new debt agreements, and trace all new debt contracts to the financial statements. The 
auditor should obtain a listing of all debt and agree the total to the general ledger. Any debt 
disclosed on the standard bank confirmation should be traced to the debt agreements and 
the financial statements. Notes and bonds should be confirmed directly with creditors. 
The auditor should inquire of management regarding new debt and any off-balance sheet 
financing transactions. 


= Valuation and Allocation: The auditor should examine new debt agreements to determine 
whether they were recorded at the proper amount. The auditor should recompute any 
interest payable and recompute the amortization of premiums or discounts. 


=m Existence: The auditor should confirm notes or bonds directly with creditors. 


= Rights and Obligations: The auditor should examine note and bond agreements to verify 
that they are the obligations of the entity. 


3.2.2 Auditing Debt Transactions 
The following tests of details can be performed as dual-purpose tests. 


= Completeness: The auditor should examine new debt agreements and the board 
minutes for evidence of new agreements. The auditor should review interest expense for 
payments to debt holders not included in the debt listing. The auditor should examine lease 
agreements for proper classification as operating or finance. 


= Cutoff: The auditor should review debt activity shortly before and after year-end to ensure 
that transactions were reported in the proper period. 


= Valuation, Allocation, and Accuracy: The auditor should test a sample of debt 
receipts and payments and should compare interest expense to the debt balance for 
reasonableness. 


= Existence and Occurrence: The auditor should verify the existence of new debt by 
reviewing the board minutes for evidence of new agreements and then inspecting the 
agreements. 


= Understandability of Presentation and Classification: The auditor should examine the 
due dates of notes and bonds to determine whether the debt should be classified as short 
term or long term. 
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3.2.3. Auditing Presentation and Disclosure Related to Debt 


= Completeness: The auditor should ensure that all required disclosures related to debt have 
been included in the notes to the financial statements. Required disclosures include: 


e Details of maturity dates, interest rates, call and conversion privileges, and assets 
pledged as collateral. 


e Future sinking fund payments and maturities for each of the next five years. 
e Restrictive loan covenants. 


= Valuation, Allocation, and Accuracy: The auditor should read the footnotes and other 
information related to debt to determine whether the information is accurate and 
presented at the appropriate amounts. 


= Rights and Obligations, and Occurrence: The auditor should compare disclosures with 
other audit evidence to ensure that all disclosed information related to debt has occurred. 


= Understandability of Presentation and Classification: The auditor should read required 
disclosures for understandability. 


3.2.4 Auditing the Equity Balance and Transactions 


When auditing equity, the auditor is primarily concerned about completeness, valuation, 
and existence and occurrence. The auditor should also focus on evaluating classification 
and understandability. 


= Completeness: If the client uses a stock transfer agent, third-party confirmations should 
be used to provide evidence of the completeness of shares authorized, issued, and 
outstanding, as well as to provide evidence of the individual transactions. 


If a client does not use a stock transfer agent, the primary source of evidence of 
completeness is the stock certificate book. The auditor should examine the stock certificate 
stubs for proper recording, for any canceled certificates, and for the existence of the 
remaining unissued certificates. The auditor should foot the shares outstanding in the stock 
certificate book and agree the total to the general ledger. The auditor should examine all 
shares of treasury stock and agree the total to the general ledger. 


The auditor should ensure that all required disclosures related to equity have been included 
in the notes to the financial statements. Required equity disclosures include: 


e Number of shares authorized, issued, and outstanding. 


e Rights and privileges of securities, including dividend and liquidation preferences, 
participation rights, call prices and dates, conversion or exercise prices or rates and 
pertinent dates, sinking-fund requirements, unusual voting rights, and significant 
contracts to issue additional shares. 


e Stock option plans. 


e Appropriations of retained earnings and restrictions on dividends. 
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= Valuation: The auditor may recompute the value assigned to stock transactions during 
the period. The auditor should also analyze the retained earnings account from inception 
(or since the last audit) and should review the propriety of any direct entries to retained 
earnings. 


=m Existence and Occurrence: Existence and occurrence can be tested by vouching 
transactions recorded during the current period to board minutes. The stock transfer agent 
confirmation and the inspection of the stock certificate book also provide evidence of 
existence. 


=m Understandability of Presentation and Classification: The auditor should determine 
whether there are restrictions on retained earnings resulting from loans, agreements, or 
state laws. The auditor should also inquire of management regarding any appropriations of 
retained earnings. Restrictions and appropriations must be properly disclosed. 
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and Internal Control 
Deficiencies 


1 Forming Conclusions 


The auditor's evaluation of audit results should include evaluation of the following: 


=m The results of the analytical procedures performed during the overall review of the 
financial statements. 


Misstatements found during the audit, including uncorrected misstatements. 
The qualitative aspects of the company's accounting practices. 
Conditions identified during the audit that relate to fraud risk. 


The presentation of the financial statements, including disclosures. 


The sufficiency and appropriateness of the audit evidence obtained. 


2 Addressing Misstatements Discovered in the Audit 


The auditor must evaluate the audit evidence gathered to determine whether the financial 
statements are free of material misstatement due to error or fraud. 


2.1 Identification of Misstatements 


The auditor should accumulate misstatements identified during the audit, other than those that 
are clearly trivial. 


"Clearly trivial" is not the same as "not material." Misstatements that are clearly trivial are 
inconsequential, both individually and in aggregate, and when judged by any criteria of size, 
nature, or circumstance. If there is uncertainty about whether a misstatement is clearly trivial, 
then it cannot be considered trivial. 


The auditor may designate an amount below which misstatements are clearly trivial and do not 
need to be accumulated. The amount should be set so that any misstatement below the amount 
would not be material to the financial statements, individually or in aggregate, considering the 
possibility of undetected misstatement. 


2.2. Evaluation of Misstatements 


The auditor must evaluate the materiality of all misstatements found during the audit. 


= The size of a misstatement is often evaluated in comparison to a relevant financial base, 
such as net income, gross sales, gross margin, total assets, or total liabilities. 


= The auditor must consider the effects, both individually and in the aggregate, of uncorrected 
misstatements. The misstatements should be evaluated in relation to the specific accounts 
or disclosures involved and the financial statements as a whole, considering all quantitative 
and qualitative factors. 
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m= Asthe aggregate misstatements accumulated during the audit approach the materiality 
level, the auditor should consider the risk that the addition of undetected misstatements 
could cause materiality levels to be exceeded. 


= Prior period misstatements may affect the financial statements of the current period. 


= Whether or not a misstatement is considered material is ultimately a matter of 
professional judgment. 


= Qualitative considerations sometimes may cause an otherwise immaterial misstatement to 
be deemed material. 


e The specific circumstances surrounding an entity may lead to situations in which 
misstatements that do not exceed materiality limits are still likely to influence the 
judgment of users. 


e Misstatements are more likely to be considered material if they: 


— Affect trends in profitability or mask a change in a trend, or change a loss into income 
(or vice versa). 


—Affect the entity's compliance with loan covenants, contracts, or regulatory requirements. 


— Increase management compensation, indicate a pattern of management bias, or 
involve fraud or an illegal act. 


— Affect significant financial statement elements, such as those involving recurring 
earnings (as opposed to those involving nonrecurring items). 


—Can be objectively determined, as opposed to including an element of subjectivity. 
—Affect segment information presented in the financial statements. 


—Misclassify between certain account balances, for example, between operating and 
nonoperating income or recurring and nonrecurring items. 


—Are significant relative to the needs of users. 

— Offset effects of individually significant but different misstatements. 
—Are currently immaterial, but will have a material effect in the future. 
—Are costly to correct. 


—Represent a risk that possible additional undetected misstatements could affect the 
auditor's evaluation. 


Pass Key 


When evaluating audit findings, the auditor should consider any potential bias in 
management's judgments about the amounts and disclosures in the financial statements. 
Examples of management bias include: 


e Selective correction of misstatements brought to management's attention during the audit. 


° The identification by management of additional adjusting entries that offset 
misstatements accumulated by the auditor. 


e Bias in the selection and application of accounting principles. 
e Bias in accounting estimates. 


If the auditor identifies bias in management's judgments, the auditor should evaluate 
whether this bias, together with the effect of uncorrected misstatements, results in 
material misstatement in the financial statements. 
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2.3. Communication and Correction of Misstatements 


The auditor should communicate on a timely basis with the appropriate level of management 
all misstatements accumulated during the audit. The auditor should request that management 
correct those misstatements. 


= If, atthe auditor's request, management has examined a class of transactions, account 
balance, or disclosure and corrected misstatements that were detected, the auditor should 
perform additional audit procedures to determine whether misstatements remain. 


=m The auditor may request that management examine and perform procedures to determine 
the amount of the actual misstatement in the class of transactions, account balance, or 
disclosure, and to make appropriate adjustments to the financial statements. This may 
occur when the misstatement is based on the auditor's projection of misstatements. 


=m The auditor may request that management record an adjustment needed to correct all 
factual misstatements, including the effect of prior period misstatements other than those 
that the auditor believes are clearly trivial. 


m= When the auditor has identified a judgmental misstatement involving differences in estimates, 
such as a difference in a fair value estimate, the auditor may request that management review 
the assumptions and methods used in developing management's estimate. 


= If management refuses to correct some or all of the misstatements communicated by the 
auditor, the auditor should obtain an understanding of management's reasons for not 
making the corrections, and should take that understanding into account when evaluating 
whether the financial statements as a whole are free from material misstatement. 


m For uncorrected misstatements, the auditor should communicate that the misstatements 
could cause future period financial statements to be misstated, even if the impact to current 
period financial statements is immaterial. 


Below is a sample communication that the auditors might submit to management regarding 
discovered misstatements. 


ABC Company 
Summary of Possible Misstatements 
12/31/XX 
Possible Misstatement: Overstatement/(Understatement) 
Total Income 

Type of misstatement Amount Assets Liabilities Before Tax 
Unrecorded liabilities $ 80,000 $(80,000) $80,000 
Overstated allowance for 

uncollectible accounts 45,000 $(45,000) (45,000) 
Difference between inventory 

count and ledger 60,000 60,000 60,000 
Total $185,000 $ 15,000 $(80,000) $95,000 
Net effect of misstatements 
Assets 15,000 
Liabilities (80,000) 
Income before taxes 95,000 
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Ves Pass Key 


Based on the results of substantive audit procedures, the auditor will propose 

adjusting journal entries to the client. The client may or may not book these proposed 
entries. Management is responsible for the financial statements and has the final decision 
on whether or not to book the recommended entries. The examiners may ask for basic 
adjusting journal entries on the audit exam. 


If management does not make the recommended entries and the auditor determines that 
the uncorrected errors are not material in the aggregate, the auditor should document the 
errors in the summary of uncorrected errors and document the conclusion that the errors 
do not cause the financial statements to be misstated. 


2.4 Documentation Requirements 


The auditor should document the following items: 
= The amount below which misstatements are clearly trivial. 
= All misstatements accumulated during the audit and whether they have been corrected. 


= The auditor's conclusion about whether uncorrected misstatements are material, 
individually or in the aggregate, and the basis for that conclusion. 


Documentation of uncorrected misstatements should include: 
=m The aggregate effect on the financial statements. 


= The evaluation of whether the materiality level or levels for particular classes of 
transactions, account balances, or disclosures, if any, have been exceeded. 


=m The effect of uncorrected misstatements on key ratios or trends and compliance with legal, 
regulatory, and contractual requirements (e.g., debt covenants). 


2.5 Effect of Identified Misstatements on Assessment of Control Risk 


A material weakness is a deficiency, or a combination of deficiencies, in internal control over 
financial reporting, such that there is a reasonable possibility that a material misstatement of the 
entity's financial statements will not be prevented, or detected and corrected on a timely basis. 


Identification by the auditor of a material misstatement that would not have been detected by 
the entity's system of internal control is an indicator of material weakness. However, the reverse 
is not necessarily true. The existence of a material weakness does not necessarily mean that the 
financial statements are materially misstated. 


It is essential for the auditor to evaluate the type and cause of misstatements discovered during 
audit testing. In order to decide whether the misstatements are consistent with the assessment 
of control risk, the auditor should consider: 


1. the frequency with which the misstatement occurred; 
2. the effect on other audit areas; and 
3. the financial statement implications. 


If inconsistent, the audit risk model should be reassessed, and implications on the entire 
audit (including sample size) must be considered. All misstatements should be evaluated, 
even misstatements of small dollar amounts, as they could be an indication of a more serious 
problem within the system of internal control. 
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3. Adjusting Journal Entries 


Misstatements can be corrected using adjusting journal entries. Adjusting journal entries may 
affect any account that appears in the financial statements. These questions often require basic 
knowledge of journal entries. (For example, revenue related to Year 2 should not be included in 
Year 1 revenue.) Some methods the examiners may use to test adjusting entries can be found 
below (this is not meant to be a comprehensive list, however). 


3.1 Correct Accounts That Are Overstated or Understated 


For questions related to adjusting accounts that are overstated or understated, it is important 
to be familiar with the natural debit or credit balance of an account. With the exception of 
contra-accounts, the general rule is: 


=m Assets have a natural debit balance. 

= Liabilities and stockholder equity have a natural credit balance. 
=m Sales have a natural credit balance. 

m Expenses have a natural debit balance. 


Knowing the natural balance of accounts will help you understand how to adjust journal entries. 
For example, if sales made "on account" are overstated, this means that the auditor thinks sales 
and the related receivable are too large and need to be smaller. To decrease these accounts, the 
auditor would propose: 


Sales $XXX 
Accounts receivable $XXX 


(To adjust sales and accounts receivable to correct amounts.) 


Rationale: Sales has a natural credit balance, so sales should be debited to decrease it. Accounts 
receivable has a natural debit balance, so accounts receivable should be credited to decrease it. 


3.2 Purchases 


Questions related to purchases may require knowledge of free on board (FOB) shipping point and 
FOB destination. It is important to note whether the client is the buyer or seller to help determine 
whether purchases (such as inventory) should be included or excluded from a balance. 


3.2.1 If the Client Is the Buyer 


= FOB Shipping Point: An item shipped FOB shipping point should be included in the client's 
inventory as soon as the item is with the carrier (e.g., in a delivery truck). 


= FOB Destination: An item shipped FOB destination should be included in the client's 
inventory as soon as the item has reached the destination (e.g., the client's place of business). 


3.2.2 If the Client Is the Seller 


= FOB Shipping Point: An item shipped FOB shipping point should be excluded from the 
client's inventory as soon as the item is with the carrier (e.g., in a delivery truck). 


= FOB Destination: An item shipped FOB destination should be excluded from the client's 
inventory as soon as the item has reached the destination (e.g., the buyer's place of business). 
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3.3. Inventory 


3.3.1 Perpetual Inventory 
In a perpetual inventory system the journal entries to record the sale of inventory are: 
Cash or accounts receivable $XXX 
Sales $XXX 


(To record the sale of an item.) 
And: 


Cost of goods sold $XXX 
Inventory $XXX 


(To record the relief of inventory.) 


3.3.2 Periodic Inventory System 


In a periodic inventory system, sales are recorded after every sale is made, and inventory is 
adjusted at the end of the period through a periodic count. The formula to calculate cost of 
goods sold is: 


Beginning inventory 
+ Purchases 
Cost of goods available for sale 


- Ending inventory (based on physical inventory count) 


Cost of goods sold 


The journal entry to record a sale under the periodic method is: 


Cash or accounts receivable $XXX 
Sales $XXX 


(To record the sale of inventory.) 


Cost of goods sold are recorded at period end. The journal entry at the end of the period (based 
on the formula above) would be: 


Cost of goods sold $XXX 
Inventory $XXX 


(To record the relief of inventory.) 
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Example 1 Inventory Adjusting Entry 


Facts: The auditor is auditing ABC Company, which utilizes a periodic inventory system. The 
auditor discovers that inventory stored at a distribution center on December 31, Year 2, 
was inadvertently omitted during the Year 2 physical inventory count. This inventory was 
valued at $20,000. 


Required: What should the adjusting journal entry be? 
Solution: 


Inventory $20,000 
Cost of goods sold $20,000 


(To correct inventory and cost of goods sold for inventory held at off-site location.) 


The company needs to increase inventory by $20,000. In addition, when the company 
computed cost of goods sold, the ending inventory was lower by $20,000, which resulted in 
a higher cost of goods sold of $20,000. To decrease cost of goods sold, the auditor would 
propose a credit to cost of goods sold for $20,000. 


3.3.3. Consignment 


Audit Client Is the Consignee (Holding Another Company's Goods): This inventory 
should be excluded from the client's financial statements. 


Audit Client Is the Consignor (Goods Are Held at Consignee's Place of Business): This 
inventory should be included in the client's financial statements. 
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NOTES 
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8 Written Representations 


1 Management Representation Letter 


At the conclusion of fieldwork, the independent auditor must obtain a management 
representation letter from the client. The auditor prepares the text of the representation letter, 
which is then printed on client letterhead and signed by the client. 


1.1 Purposes of Representation Letter 


The three primary purposes for obtaining written representations from management are: 
1. To confirm representations explicitly or implicitly given to the auditor. 
2. To indicate and document the continuing appropriateness of such representations. 


3. To reduce the possibility of misunderstanding concerning matters that are the subject of 
the representations. 


1.2 Requirements 


In the management representation letter, the client asserts that all material matters have been 
adequately disclosed to the independent auditor. 


= Final Piece of Evidential Matter: The representation letter is obtained at the end of 
the auditor's fieldwork and covers the period up to the date of the auditor's report. It 
should address all financial statements and periods covered by the report, even if current 
management was not present during all such periods. 


= Letter Is Mandatory: The auditor must receive the letter in order to render an unmodified 
opinion. Management's refusal to furnish a written representation letter generally results in 
a disclaimer of opinion or in withdrawal from the engagement. 


= Dated Same Date as Audit Report: The client representation letter should be dated as of 
the date of the auditor's report. 


e Occasionally, circumstances may prevent management from signing the representation 
letter and returning it to the auditor on the date of the auditor's report. When this 
happens, the auditor may accept management's oral confirmation, on or before the 
date of the auditor's report, that management has reviewed the final representation 
letter and will sign the representation letter without exception as of the date of the 
auditor's report. 


e Possession of the signed representation letter is necessary before releasing the 
auditor's report. 


= Signed by CEO and CFO: The members of management with overall responsibility for 
financial and operating matters who are responsible for and knowledgeable about the items 
contained in the letter (usually the CEO and CFO) should sign the letter. Other officers and 
employees also may be asked to sign the letter. 
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= Representations: In the representation letter, management provides information on the 
financial statements, the completeness of information, recognition, measurement, and 
disclosure, and subsequent events. 


= Materiality: Representations may be limited to items that management and the auditor 
agree are material. Materiality considerations do not apply to items not directly related 
to financial statement amounts (e.g., all minutes and all financial records should be made 
available to the auditor). 


= Doubt About the Reliability of Written Representations: If the auditor concludes that 
written representations are not reliable due to concerns about the competence, integrity, 
ethical values, or diligence of management, or because of unresolved inconsistencies 
between the written representations and other audit evidence, the auditor should consider 
the possible effect on the audit opinion. When the auditor concludes that there is sufficient 
doubt about the integrity of management, the auditor should disclaim an opinion or 
withdraw from the engagement. 


1.3. Contents of Management Representation Letter 


The management representation letter should include the following representations by 
management. 


= Financial Statements: Management is responsible for: 


e the fair presentation of the financial statements in accordance with the applicable 
financial reporting framework; and 


e the design, implementation, and maintenance of controls relevant to the preparation 
and fair presentation of financial statements that are free from material misstatement, 
whether due to fraud or error. 


= Completeness of Information: Management has provided the auditor with all relevant 
information and access, as agreed on in the terms of the engagement. All transactions have 
been recorded and are reflected in the financial statements. 


= Fraud 


e Acknowledgment of management's responsibility for the design, implementation, and 
maintenance of controls to prevent and detect fraud. 


e Management has disclosed to the auditor the results of its assessment of the risk that 
the financial statements may be materially misstated as a result of fraud. 


e Management has disclosed to the auditor its knowledge of fraud or suspected fraud 
affecting the entity involving: 


— management; 
— employees who have significant roles related to controls; or 
—others, when the fraud could have a material effect on the financial statements. 


e Management has disclosed to the auditor its knowledge of any allegations of fraud 
or suspected fraud affecting the entity's financial statements communicated by 
employees, former employees, analysts, regulators, or others. 


= Laws and Regulations: All instances of identified or suspected noncompliance with laws 
and regulations whose effects should be considered by management when preparing 
financial statements have been disclosed to the auditor. 
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= Uncorrected Misstatements: Management believes that the effects of uncorrected 
misstatements are immaterial, individually or in the aggregate, to the financial statements 
as a whole. Asummary of these items should be included in or attached to the written 
representation. 


= Litigation and Claims: All known actual or possible litigation and claims whose effects 
should be considered by management when preparing the financial statements have been 
disclosed to the auditor and accounted for and disclosed in accordance with the applicable 
financial reporting framework. 


=m Estimates: Management believes the methods, significant assumptions, and data used in 
making accounting estimates are appropriate in accordance with the applicable financial 
reporting framework. 


= Related Party Transactions 


e Disclosure of the identity of all the entity's related parties and all related party 
relationships and transactions of which it is aware. 


e Management has appropriately accounted for and disclosed such relationships 
and transactions. 


= Subsequent Events: All events occurring subsequent to the date of the financial statements 
and for which the applicable financial reporting framework requires adjustment or 
disclosure have been adjusted or disclosed. 


= Additional Representations: The auditor should obtain additional representations from 
management regarding issues specific to the entity's financial statements. Possible topics 
include the impact of a new accounting principle, impairment of assets, intent to hold debt 
securities to maturity, obsolescence of inventory, restrictions on cash, plans to discontinue a 
line of business, etc. 


1.3.1 Sample Management Representation Letter 


[Entity Letterhead] 
To [Auditor] [Date] 


This letter is provided in connection with your audit of the financial statements 
of ABC Company, which comprise the balance sheet as of December 31, 20XX, 
and the related statements of income, changes in stockholders' equity, and cash 
flows for the year then ended, and the related notes to the financial statements, 
for the purpose of expressing an opinion on whether the financial statements are 
presented fairly, in all material respects, in accordance with accounting principles 
generally accepted in the United States (U.S. GAAP). 


Certain representations in this letter are described as being limited to matters 
that are material. Items are considered material, regardless of size, if they involve 
an omission or misstatement of accounting information that, in the light of 
surrounding circumstances, makes it probable that the judgment of a reasonable 
person relying on the information would be changed or influenced by the 
omission or misstatement. 


(continued) 
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(continued) 


Except where otherwise stated below, immaterial matters less than $[insert amount] 
collectively are not considered to be exceptions that require disclosure for the 
purpose of the following representations. This amount is not necessarily indicative of 
amounts that would require adjustment to or disclosure in the financial statements. 


We confirm that, [to the best of our knowledge and belief, having made such inquiries 
as we considered necessary for the purpose of appropriately informing ourselves] [as 
of (date of auditor's report)]: 


Financial Statements 


1. 


8. 


We have fulfilled our responsibilities, as set out in the terms of the audit 
engagement dated [insert date], for the preparation and fair presentation of 
the financial statements in accordance with U.S. GAAP. 


We acknowledge our responsibility for the design, implementation, and 
maintenance of internal control relevant to the preparation and fair 
presentation of financial statements that are free from material misstatement, 
whether due to fraud or error. 


We acknowledge our responsibility for the design, implementation, and 
maintenance of internal control to prevent and detect fraud. 


The methods, data, and significant assumptions used by us in making 
accounting estimates and their related disclosures are appropriate to achieve 
recognition, measurement, or disclosure that is reasonable in the context of 
the applicable financial reporting framework. 


Related party relationships and transactions have been appropriately 


accounted for and disclosed in accordance with the requirements of U.S. GAAP. 


All events subsequent to the date of the financial statements and for which 
U.S. GAAP requires adjustment or disclosure have been adjusted or disclosed. 


The effects of uncorrected misstatements are immaterial, both individually 
and in the aggregate, to the financial statements as a whole. A list of the 
uncorrected misstatements is attached to the representation letter. 


The effects of all known or possible litigation and claims have been accounted 
for and disclosed in accordance with U.S. GAAP. 


[Any other matters that the auditor may consider appropriate.] 
Information Provided 


9. 


We have provided you with: 


a. Access to all information, of which we are aware that is relevant to the 
preparation and fair presentation of the financial statements such as 
records, documentation, and other matters; 


b. Additional information that you have requested from us for the purpose 
of the audit; and 


c. Unrestricted access to persons within the entity from whom you 
determined it necessary to obtain audit evidence. 


(continued) 
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10. 


11. 


12. 


13. 


14. 


15. 


16. 


All transactions have been recorded in the accounting records and are 
reflected in the financial statements. 


We have disclosed to you the results of our assessment of the risk that the 
financial statements may be materially misstated as a result of fraud. 


We have [no knowledge of any] [disclosed to you all information that we are 
aware of regarding] fraud or suspected fraud affecting the entity and involves: 


a. Management; 
b. Employees who have significant roles in internal control; or 


c. Others where the fraud could have a material effect on the financial 
statements. 


We have [no knowledge of any] [disclosed to you all information that we are 
aware of regarding] allegations of fraud, or suspected fraud, affecting the 
entity's financial statements communicated by employees, former employees, 
analysts, regulators, or others. 


We disclosed to you all known instances of noncompliance or suspected 
noncompliance with laws and regulations whose effects should be considered 
when preparing financial statements. 


We [have disclosed to you all known actual or possible][are not aware of 

any pending or threatened] litigation and claims whose effects should be 
considered when preparing financial statements [and we have not consulted 
legal counsel concerning litigation or claims]. 


We have disclosed to you the identity of the entity's related parties and all the 
related party relationships and transactions of which we are aware. 


[Any other matters that the auditor may consider necessary. ] 


[Name of Chief Executive Officer and Title] 


[Name of Chief Financial Officer and Title] 


a 


Pass Key 


Remember that the management representation letter is required. Management's refusal 
to furnish written representations generally will result either in a disclaimer of opinion or in 
withdrawal from the engagement. 
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1.3.2 Additional Written Representation Regarding an ERISA Plan Financial 
Statements Audit 


In addition to the management representations above (AU-C Section 580), the auditor should 
request the following written representations from management in an audit of ERISA plan 
financial statements: 


= That management has provided the auditor with the most current plan instrument for the 
audit period, including all plan amendments. 


= Acknowledgement of its responsibility for administering the plan and determining that the 
plan's transactions that are presented and disclosed in the ERISA plan financial statements 
are in conformity with the plan's provisions, including maintaining sufficient records with 
respect to each of the participants to determine the benefits due, or which may become 
due, to such participants. 


m When management elects to have an ERISA Section 103(a)(3)(C) audit, acknowledgement 
that management's election of the ERISA Section 103(a)(3)(C) audit does not affect its 
responsibility for the financial statements and for determining whether: 


e an ERISA Section 103(a)(3)(C) audit is permissible under the circumstances; 
e the investment information is prepared and certified by a qualified institution; 


e the certification meets the requirements of the Department of Labor's Rules and 
Regulations for Reporting and Disclosure under ERISA (qualified institution); and 


e the certified investment information is appropriately measured, presented, and 
disclosed in accordance with the applicable financial reporting framework. 


1.3.3. Written Representation Regarding Internal Control Over Financial Reporting 


When performing an integrated audit, which includes an audit of internal controls over financial 
reporting, the auditor should obtain additional written representations from management about 
its responsibility for internal control over financial reporting, in which management: 


= Acknowledges its responsibility for designing, implementing, and maintaining effective 
internal control over financial reporting, and states that management has performed an 
evaluation of the effectiveness of the entity's internal control over financial reporting. 


m States the assertion and specifies the criteria used to evaluate the assertion. 


= Affirms that management did not rely on the auditor's procedures as the basis for 
the assertion. 


= Confirms that all significant deficiencies and material weaknesses have been disclosed to 
the auditor, and indicates whether any such deficiencies identified in previous engagements 
remain unresolved. 


= Describes fraud resulting in material misstatement or fraud involving senior management 
or key employees. 


=m States whether there were any significant changes to internal control over financial 
reporting after the "as of" date of the report. 


Failure to obtain such written representations is a scope limitation that generally will result in 
the auditor's withdrawal from the engagement or in a disclaimer of opinion. 
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1 ‘Those Charged With Governance 


The term "those charged with governance" refers to those who bear responsibility to oversee 
the obligations and strategic direction of an entity, including the financial reporting process. This 
term is broadly interpreted to encompass the terms "board of directors" and "audit committee." 
Depending on the governance structure of the entity, management may or may not be included 
in the definition of "those charged with governance." 


During an audit, the auditor has the responsibility to establish an effective two-way 
communication with those charged with governance regarding: 


=m The planned scope and timing of the audit. 
= Information held by those charged with governance that is relevant to the audit. 


= Timely observations arising from the audit that are relevant to the oversight of the financial 
reporting process. 


2 ‘Internal Control Communications 


2.1 Applicability 
An accountant communicates internal control-related matters in the following situations: 


2.1.1 Financial Statement Audit (Nonissuers) 


m Although the purpose of an audit of a nonissuer is to express an opinion on the financial 
statements and not to express an opinion on the effectiveness of internal control, certain 
deficiencies related to internal control (control deficiencies) may be noticed by the auditor 
during the audit. Such deficiencies create a reporting responsibility for the auditor, which is 
covered in this section. 


= This situation is governed by Statements on Auditing Standards (SAS). 
2.1.2 Integrated Audits (Nonissuers and Issuers) 
= Audit of Internal Control (Nonissuers) 


e  Anauditor may be hired to perform an audit of a nonissuer's internal control over financial 
reporting. If so, the audit of internal control over financial reporting should be integrated 
with an audit of the entity's financial statements. 


e This situation is governed by Statements on Auditing Standards (SAS). 
= Audit of Internal Control (Issuers) 


e Allissuers are required to have an audit of internal control over financial reporting that 
is integrated with an audit of the financial statements. 


e This situation is governed by Public Company Accounting Oversight Board (PCAOB) 
auditing standards. 
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2.2. Definitions 


Certain definitions are virtually the same for all three types of engagements. Where slight 
differences exist, wording used for nonissuers is shown first; wording for issuers is shown in 
(parentheses). 


2.2.1 Control Deficiency 


A control deficiency exists when the design or operation of a control does not allow 
management or employees, in the normal course of performing their assigned functions, to 
prevent, or detect and correct (prevent or detect) misstatements on a timely basis. 


= A deficiency in design occurs when a necessary control is missing or when an existing 
control does not achieve the desired objective. 


= Adeficiency in operation occurs when a properly designed control does not operate as 
designed, or is performed by an inappropriate person. 


2.2.2 Material Weakness 


A material weakness is a deficiency, or a combination of deficiencies, in internal control (over 
financial reporting), such that there is a reasonable possibility that a material misstatement of 
the entity's (company's annual or interim) financial statements will not be prevented, or detected 
and corrected (prevented or detected) on a timely basis. 


"Reasonable possibility" implies that the likelihood of an event is either "reasonably possible" or 
"probable." 


2.2.3 Significant Deficiency 


A significant deficiency is a deficiency, or a combination of deficiencies, in internal control 
(over financial reporting) that is less severe than a material weakness, yet important enough to 
merit attention by those charged with governance (responsible for oversight of the company's 
financial reporting). 


2.2.4 Indicators of Material Weakness 


Although there are three distinct sets of standards with respect to internal control communications, 
they all provide the same guidance with respect to evaluation of control weaknesses. The following 
situations are considered indicators of a material weakness in internal control over financial 
reporting. 


= = Identification of any level of fraud (even immaterial fraud) perpetrated by senior management. 
m Restatement of previously issued financial statements to correct a material misstatement. 


= Identification by the auditor of a material misstatement that would not have been detected 
by the entity's system of internal control. 


=m Ineffective oversight by those charged with governance (the company's audit committee). 
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2.3. Detection of Control Deficiencies 


An auditor of financial statements (nonissuer) is not required to perform procedures to identify 
deficiencies in internal control, or to express an opinion on the effectiveness of internal control 
over financial reporting. The auditor may, however, become aware of control deficiencies while 
performing the audit. The auditor has a responsibility to evaluate control deficiencies identified 
during the audit and, in some cases, to report those deficiencies. 


Pass Key 


The auditor may discuss relevant facts and circumstances with management when 
determining whether the auditor has identified internal control deficiencies. The level of 
management with whom it is appropriate to discuss the findings is one that is familiar 
with the control area concerned and that has authority to take remedial action. However, 
when findings call into question management's integrity or competence, it may not be 
appropriate to discuss the findings directly with management. 


2.4 Evaluation of Control Deficiencies 


The auditor must evaluate control deficiencies (both individually and in combination) to 
determine whether they represent significant deficiencies or material weaknesses. 


The severity of a deficiency, or a combination of deficiencies, depends on not only whether a 
misstatement has actually occurred, but also on: 


1. the magnitude of the potential misstatement; and 


2. whether there is a reasonable possibility that the entity's controls will fail to prevent, or 
detect and correct, a misstatement of an account balance or disclosure. 


Pass Key 


Significant deficiencies and material weaknesses may exist even though the auditor has not 
identified misstatements during the audit. 


The auditor should consider both the likelihood and the magnitude of potential misstatements. 


= Likelihood: Is there a reasonable possibility that the entity's controls will fail to prevent, 
or detect and correct, the misstatement? Consider the nature of the related accounts 
(e.g., susceptibility to fraud, subjectivity, complexity, etc.). 


= Magnitude: Consider both the dollar amount and the volume of activity in accounts 
exposed to the deficiency. 


If more than one control deficiency affects the same account balance or disclosure, 
individually insignificant deficiencies may, in combination, constitute a significant deficiency or 
material weakness. 
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The auditor should consider whether any controls tend to compensate for the identified 
deficiency. A compensating control is one that limits the severity of a control deficiency and may 
prevent it from being identified as a significant deficiency or material weakness. 


Indicators of material weaknesses include senior management fraud; restatement of previous 
financial statements to correct a material error; identification by the auditor of a material 
misstatement that the entity's controls would not have detected; and ineffective oversight by 
those charged with governance. 


2.5 Communication of Control Deficiencies 


Significant deficiencies and material weaknesses, even those that were corrected during the 
audit, must be communicated on a timely basis in writing to management and those charged 
with governance. 


2.5.1 Previously Existing Deficiencies 


Previously communicated significant deficiencies and material weaknesses that have not been 
corrected should be communicated again, in writing, during the current audit by referring to the 
previously issued written communication and the date of that communication. 


2.5.2 Timing 


Although it is recommended that the written communication be made by the report release 
date, a window extending 60 days beyond this date is acceptable. Earlier communication (i.e., 
during the audit) is also acceptable. While such early communication need not be in writing, 
it does not negate the requirement for eventual written communication of all significant 
deficiencies and material weaknesses. 


2.5.3 Management's Evaluation 


It is management's responsibility to evaluate and address control deficiencies. Management 
may decide to accept certain significant deficiencies or material weaknesses based on the costs 
that would be incurred to correct them. Even in such situations, the auditor is still required to 
communicate such deficiencies in writing. 


2.5.4 Communication of Other Deficiencies 


The auditor should communicate to management only, in writing or orally, other deficiencies 
in internal control identified during the audit that are of sufficient importance to merit 
management's attention but are not significant deficiencies or material weaknesses. If other 
deficiencies are communicated orally, the communication should be documented. 


m= Ifthe auditor has communicated other deficiencies in a prior period and management has 
chosen not to correct the deficiencies for cost or other reasons, the auditor need not repeat 
the communication in the current period. 


= The auditor is not required to repeat information about other deficiencies if the information 
has already been communicated to management by other parties, such as internal auditors 
or regulators. 


=m The auditor may communicate the details of other deficiencies to those charged with 
governance, either orally or in writing, if those charged with governance wish to be made 
aware of the details or if the auditor chooses to inform them. 
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Communication of Deficiencies in Internal Control 


(Financial Statement Audit Only: Nonissuer) 


Communicate Communicate Communication 
the deficiency to Communicate the deficiency to should be made 
management only, |_ the deficiency to those charged within 60 days 
either orally management, with governance, of the report 
or in writing. in writing. in writing. release date. 
Control deficiency v v 
Significant deficiency v v v 
Material weakness v v v 


2.6 Communication Requirements 


The written communication of significant deficiencies and material weaknesses should include 
the following: 


1. The definition of the term material weakness and, when relevant, the definition of the term 
significant deficiency. 


2. Adescription of the significant deficiencies and material weaknesses, including an 
explanation of their potential effects. 


e The auditor does not need to quantify the potential effects. 


e Potential effects can be described in terms of the control objectives and types of errors 
the control was designed to prevent, or detect and correct, or in terms of the risks of 
misstatement the control was designed to address. 


3. Sufficient information to enable those charged with governance and management to 
understand the context of the communication, including statements that: 


e The purpose of the audit was for the auditor to express an opinion on the financial 
statements. 


e The auditor is not expressing an opinion on the effectiveness of internal control. 


e The audit included consideration of internal control over financial reporting in order 
to design audit procedures that are appropriate in the circumstances but not for the 
purpose of expressing an opinion on the effectiveness of internal control. 


e The auditor's consideration of internal control was not designed to identify all 
deficiencies in internal control that might be material weaknesses or significant 
deficiencies, and therefore, material weaknesses and significant deficiencies may exist 
that were not identified. 


4. Arestriction regarding the use of the communication to management, those charged with 
governance, others within the organization, and any governmental authority to which the 
auditor is required to report. 
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2.6.1 Optional Communication Content 
The auditor may also include the following information in the communication when appropriate: 
= Adescription of the inherent limitations of internal control. 


= The specific nature and extent of the auditor's consideration of internal control during 
the audit. 


=m The auditor may not report the absence of significant deficiencies, because there is too 
great a potential for misinterpretation of the very limited degree of assurance the auditor 
would be providing in such instances. 


=m The auditor may issue a communication indicating that no material weaknesses were 
identified during the audit, typically for the client to submit to governmental authorities. 


Management may prepare a written response to the auditor's communication regarding 
significant deficiencies and material weaknesses identified during the audit. Management's 
response may describe corrective actions taken or planned for the future, or indicate that the 
cost of correcting the identified deficiencies would exceed the benefits to be derived. 


If such response is included in a document containing the auditor's written communication, the 
auditor may add a paragraph disclaiming an opinion on management's response. 


2.6.2 Additional Required Communication Content in an Audit of ERISA Plan 
Financial Statements 


For an ERISA Plan financial statement audit, the auditor should communicate reportable findings 
from the audit procedures performed relating to the plan's provisions. Such communication 
should be included with the required communication with those charged with governance, 
either in a separate section or placed in such communications as the auditor deems appropriate. 


The written communication should include the following: 
= Adescription of the reportable finding. 


= Sufficient information to enable those charged with governance and management to 
understand the context of the communication. 


= Anexplanation of the potential effects of the reportable findings on the financial statements 
or to the plan. 


The auditor should not issue a written communication stating that no reportable findings were 
identified during the audit. 
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2.6.3. Sample Written Communication on Internal Control (Nonissuer) 


To Management and [identify the body or individuals charged with governance] of 
ABC Company: 


In planning and performing our audit of the financial statements of ABC 
Company (the "Company'") as of and for the year ended December 31, 20Xx, in 
accordance with auditing standards generally accepted in the United States of 
America, we considered the Company's internal control over financial reporting 
(internal control) as a basis for designing audit procedures that are appropriate 

in the circumstances for the purpose of expressing our opinion on the financial 
statements, but not for the purpose of expressing an opinion on the effectiveness 
of the Company's internal control. Accordingly, we do not express an opinion on 
the effectiveness of the Company's internal control. 


Our consideration of internal control was for the limited purpose described in the 
preceding paragraph and was not designed to identify all deficiencies in internal 
control that might be material weaknesses or significant deficiencies and therefore, 
material weaknesses or significant deficiencies may exist that were not identified. 
However, as discussed below, we identified certain deficiencies in internal control 
that we consider to be material weaknesses and significant deficiencies. 


A deficiency in internal control exists when the design or operation of a control 
does not allow management or employees, in the normal course of performing 
their assigned functions, to prevent, or detect and correct, misstatements on a 
timely basis. A material weakness is a deficiency, or a combination of deficiencies, 
in internal control, such that there is a reasonable possibility that a material 
misstatement of the entity's financial statements will not be prevented, or 
detected and corrected, on a timely basis. We consider the following deficiencies 
in the Company's internal control to be material weaknesses: 


[Describe the material weaknesses that were identified and an explanation of their 
potential effects.] 


A significant deficiency is a deficiency, or combination of deficiencies, in internal 
control that is less severe than a material weakness, yet important enough to 
merit attention by those charged with governance. We consider the following 
deficiencies in the Company's internal control to be significant deficiencies: 


[Describe the significant deficiencies that were identified and an explanation of their 
potential effects.] 


[/f the auditor is communicating significant deficiencies and did not identify any 
material weaknesses, the auditor may state that none of the identified deficiencies are 
considered to be material weaknesses. ] 


This communication is intended solely for the information and use of 
management, [identify the body or individuals charged with governance], others 
within the organization, and [identify any specified governmental authorities to which 
the auditor is required to report] and is not intended to be, and should not be, used 
by anyone other than these specified parties. 


[Auditor's Signature] 
[Date] 
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MODULE 


Integrated Audit 
Procedures 


1 Overview of Integrated Audits (Issuers and Nonissuers) 


Under PCAOB standards, auditors of issuers are required to perform an integrated audit, 
auditing both the financial statements and management's assessment of the effectiveness 
of internal control over financial reporting (ICFR). The audit of management's assessment is 
commonly referred to as an "audit of internal control over financial reporting." 


Impact of the Dodd-Frank Act on the Issuer Integrated Audit Requirement 


The Dodd-Frank Act amended Rule 404 of the Sarbanes-Oxley Act to provide that an audit 
of an issuer's internal control over financial reporting is only required for issuers that are 

large accelerated filers or accelerated filers. A large accelerated filer is defined by the U.S. 
Securities and Exchange Commission (SEC) as an issuer with a worldwide market value of 


outstanding common equity held by nonaffiliates of $700 million or more. An accelerated 
filer is defined as an issuer with a worldwide market value of outstanding common equity 
held by nonaffiliates of $75 million or more, but less than $700 million. Smaller reporting 
companies, which are entities with annual revenues of less than $100 million, are excluded 
from the definition of large accelerated filers or accelerated filers. 


For nonissuers, SAS 130 governs the audit and report on a nonissuer's internal control over 
financial reporting that is integrated with a financial statement audit. The rules regarding 
the conduct of issuer and nonissuer integrated audits are very similar. The similarities and 
differences between the two sets of integrated audit standards are highlighted below. 


1.1 Objective of the Engagement (Issuers and Nonissuers) 


The auditor's objective in an audit of internal control over financial reporting (ICFR) is to express 
an opinion on the effectiveness of the entity's internal control over financial reporting. Because 
an entity's internal control cannot be considered effective if one or more material weaknesses 
exist, the auditor should plan and perform the engagement to obtain sufficient appropriate 
evidence to obtain reasonable assurance about whether material weaknesses exist as of the 
date specified in management's assessment, which should correspond to the balance sheet date 
for the financial statement audit. 
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2 Conditions for Engagement Performance 


2.1 Auditor Requirements (Issuers and Nonissuers) 


The audit of ICFR should be integrated with an audit of the financial statements. The auditor 
should plan and perform the integrated audit to achieve the objectives of both engagements. 


The auditor should use the same control criteria to perform the audit of ICFR as management 
uses for its evaluation of the effectiveness of the entity's internal control. 


Tests of controls should be designed to provide sufficient appropriate evidence to support 
both the opinion on internal control and the control risk assessment needed for the financial 
statement audit. 


2.2 Management Requirements (Issuers Only) 


Section 404 of the Sarbanes-Oxley Act of 2002 requires each issuer's annual report to contain an 
internal control report that: 


1. states management's responsibility for establishing and maintaining an adequate internal 
control structure and procedures for financial reporting; and 


2. contains an assessment, as of the end of the most recent fiscal year of the issuer, 
of the effectiveness of the internal control structure and procedures of issuer for 
financial reporting. 


Note: The American Institute of Certified Public Accountants (AICPA) standards use the term 
"management's assessment" while the Public Company Accounting Oversight Board (PCAOB) 
uses the term "management's assertion." The term "assessment" is being used in this text for 
consistency. 


2.3. Management Requirements (Nonissuers Only) 
An audit of ICFR can only be performed if management: 
= Accepts responsibility for the effectiveness of internal control. 


= Evaluates the effectiveness of the entity's internal control using suitable and available 
criteria, such as criteria issued by the AICPA or by regulatory agencies. 


= Supports its assessment about the effectiveness of internal control with sufficient 
appropriate evidence. 


e Management is responsible for identifying and documenting control objectives and the 
controls that meet those objectives. 


e Management's monitoring activities may provide evidence supporting its assertion. 


= Provides a written assessment about the effectiveness of the entity's internal control in a 
report that accompanies the auditor's report. 


e The "as of" date in management's assertion should coincide with the date of the 
financial statements. 


e If management refuses to furnish a written assessment, the auditor should withdraw 
from the engagement. In rare instances, in which the auditor is not permitted by law 
or regulation to withdraw, a disclaimer of opinion on ICFR should be issued and the 
auditor should consider the impact on the financial statement audit. Management's 
refusal to provide a written assessment would be treated as a scope limitation. 
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2.4 Written Representations (Issuers and Nonissuers) 


The auditor should obtain a written representation letter from management in which 
management: 


1. Acknowledges its responsibility for establishing and maintaining effective internal control, 
and states that management has performed an assessment of the effectiveness of the 
entity's internal control. 


States management's assessment as of a specified date and specifies the criteria used. 


Affirms that management did not rely on the auditor's procedures as the basis for the 
assessment. 


4. States that management has disclosed all deficiencies in design and operation. Confirms 
that all significant deficiencies and material weaknesses have been disclosed to the auditor, 
and indicates whether any such deficiencies identified in previous engagements remain 
unresolved. 


5. Describes fraud resulting in material misstatement or fraud involving senior management 
or other employees who have a significant role in ICFR. 


6. States whether there were any significant changes to internal control after the "as of" date 
of the report, including any corrective action taken by management regarding significant 
deficiencies and material weaknesses identified. 


Failure to obtain such written representations is a scope limitation that will generally result in 
the auditor's withdrawal from the engagement or in a disclaimer of opinion. 


3 Planning the Engagement (Issuers and Nonissuers) 


3.1 Overall Planning 


Planning involves developing an overall strategy for the scope and performance of the 
engagement. The auditor should consider: 


= Matters affecting the industry of the entity—financial reporting practices, economic 
conditions, laws and regulations, and technological change. 


= Prior knowledge of the entity's internal control (obtained during other professional 
engagements or by reviewing a predecessor's working papers). 


= Matters concerning the entity and its business—organization, operations, and 
capital structure. 


= The relative complexity of entity operations, as well as the extent of any recent changes in 
the entity, its operations, or its internal control. 


m Management's method of evaluating control effectiveness. 


m Judgments about materiality and risk, including risks evaluated as part of the auditor's 
acceptance and retention decision and preliminary judgments about the effectiveness of 
internal control. 


e The same level of materiality and the same risk assessment process should be used for 
both the financial statement audit and the audit of ICFR. 


e More attention should be focused on areas of higher risk. 
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e The results of the fraud risk assessment performed in the financial statement audit 
should be considered in the audit of ICFR, and the auditor should evaluate whether 
controls sufficiently address fraud risk. 


= Previously communicated deficiencies, legal or regulatory matters, and public information 
about the entity. 


m The nature and extent of available evidence. 
= Scaling the audit: Smaller or less complex companies might achieve their control objectives 
differently from more complex companies, so the audit should be scaled appropriately. 


3.2 Fraud Risk Assessment 


The auditor's fraud risk assessment (required in the financial statement audit) should be 
integrated into the audit of ICFR, and the auditor should consider management fraud and 
management override of controls as areas of high risk. Controls that might address these risks 
include controls over: 


= Significant unusual transactions 

= Period-end journal entries and adjustments 
= Related party transactions 

= Significant management estimates 


The auditor should also consider controls that mitigate incentives and pressures that may lead 
management to falsify or inappropriately manage financial results. 


3.3. Using the Work of Others 


The auditor may use the work of others (internal auditors, other company personnel, and certain 
third parties) who are sufficiently competent and objective, in evaluating the effectiveness of 
internal control. 


The auditor should consider the risk associated with a particular control, in determining whether 
and to what extent to use the work of others. As risk increases, a greater degree of competence 
and objectivity is required. For high-risk areas, use of the work of others might be reduced 

or eliminated. 


4 Top-Down Approach (Issuers and Nonissuers) 


A top-down approach is used in selecting controls to test. The auditor evaluates overall risks at 
the financial statement level, considers controls at the entity level, and then focuses on accounts, 
disclosures, and assertions for which there is a reasonable possibility of material misstatement. 
4.1 Entity-Level Controls 


The auditor should identify and test entity-level controls that are important to the auditor's 
overall opinion about internal control. Entity-level controls include controls related to: 


= The control environment 

m Management override 

= The company's risk assessment process 
| 


Centralized processing 


A5-6 Module 1 © Becker Professional Education Corporation. All rights reserved. 


AUD 5 Integrated Audit Procedures 


Monitoring the results of operations 
Monitoring other controls 


Period-end financial reporting 


Policies that address significant business control and risk management practices 


The auditor's evaluation of entity-level controls can result in increasing or decreasing the testing 
that the auditor otherwise would have performed on other controls. Entity-level controls that are 
working effectively may allow the auditor to reduce the testing of lower-level controls, or might 
affect the nature, extent, or timing of the auditor's tests of lower-level controls. 


4.2 Identifying Significant Classes of Transactions, Account Balances, 
Disclosures, and Assertions 


The auditor should evaluate "inherent" risk factors to identify significant classes of transactions, 
account balances and disclosures, and their relevant assertions. Risk factors include: 


Account size and composition 

Susceptibility to misstatement 

Volume of activity, complexity, and homogeneity of transactions 

The nature of the account, class of transactions, or disclosure 
Accounting and reporting complexities 

Exposure to loss, or to the possibility of significant contingent liabilities 


The existence of related party transactions 


Changes from the prior period 


In determining what amount of audit attention should be applied to a particular class of 
transactions, account balance, disclosure, or assertion, the auditor should assess the risk that 
a material weakness in that area may exist, as well as the risk that such weakness will lead to a 
material misstatement in the financial statements. 


= Agreater risk implies that more audit attention should be applied, more evidence should be 
obtained, etc. 


= The evaluation of risk factors is the same for both an audit of the financial statements and 
an audit of (ICFR). 


= Awalk-through (in which a transaction is followed from origination through financial 
recording) is one of the most effective ways to identify likely sources of potential 
misstatement. 


4.3 Selecting Controls to Test 


The auditor should test those controls that are important in addressing the risk of 
material misstatement. 
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5 Testing Controls (Issuers and Nonissuers) 


es Pass Key 


AICPA Standards 


In an integrated audit, the auditor should evaluate the components of ICFR and determine 
whether the components are: 


1. present and functioning in design, implementation and operation; and 


2. operating together in an integrated manner. 


Components of ICFR: Recall that the components of internal control over financial reporting 
(ICFR) are: 


= Control environment 
Risk assessment 
Information and communication systems 


Monitoring 


Existing control activities 


5.1. Tests of Controls 


In testing controls, the auditor should: 


=m Evaluate the design effectiveness of the controls to determine whether the controls, if 
applied as prescribed, satisfy the company's control objectives and can effectively prevent 
or detect (and correct) material misstatements. 


e Walk-throughs, which include inquiry, observation, and inspection of documentation, 
are often used to evaluate design effectiveness. 


=m Test and evaluate the operating effectiveness of the controls to determine whether the 
controls are operating as designed, and whether the persons implementing the controls are 
qualified to implement them effectively. 


e Operating effectiveness is typically tested through inquiry, inspection of documentation, 
observation, recalculation, and reperformance. 


e — Inquiry alone is not sufficient to support a conclusion about operating effectiveness. 
= Obtain relatively more evidence for controls that are subject to a greater risk of failure. 


= Obtain sufficient appropriate evidence to support the opinion about the overall 
effectiveness of the entity's internal control. 


e The auditor is not responsible for obtaining sufficient evidence to support an opinion 
about the effectiveness of each individual control, but rather the effectiveness of the 
entity's internal control overall. 
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= Determine the effect of any identified control deviations on the assessment of risk 
associated with the control, the amount of evidence to be obtained, and the operating 
effectiveness of the control. 


e An individual control does not have to operate without any deviation to be 
considered effective. 


= Determine the appropriate timing for tests of controls. 


e Tests performed over a longer period of time provide more evidence of effectiveness 
than tests performed over a shorter period. 


e Tests performed closer to the date of management's assertion provide more evidence 
than testing performed earlier in the year. (Tests performed earlier in the year should 
be supplemented with additional evidence for the remainder of the year.) 


e The auditor should use judgment in balancing the timing of tests. 
=m Consider knowledge obtained during past audits. 


= Incorporate an element of unpredictability into the testing. 


5.2 Use of Service Organizations 


A service organization may be part of an entity's internal control. In such cases, the auditor should: 
= Obtain an understanding of relevant controls. 


= Obtain evidence that the controls at the service organization are operating effectively by 
performing one or more of the following: Obtaining a service auditor's report, testing the 
entity's controls over the activities of the service organization, and/or performing tests of 
controls at the service organization. 


e If the date specified in management's assertion is significantly beyond the time 
period covered by the service auditor's report, the auditor should perform additional 
procedures. 


e Noreference should be made to the service auditor's report in the auditor's report on 
internal control. 


5.3. Benchmarking of Automated Controls 


Automated application controls are not particularly susceptible to human error. If general 
controls with respect to program modifications, access, and operations are tested and continue 
to be effective, and if the automated controls have not changed from one year to the next, the 
auditor may not need to repeat specific testing performed in the previous year (but would need 
to verify that the control has not changed). This "benchmarking" strategy is most appropriate in 
low-risk situations. 


6 Evaluating Control Deficiencies (Issuers and Nonissuers) 


The auditor should determine whether identified deficiencies represent significant deficiencies 
or material weaknesses (either alone or in combination). This determination should be based on: 


1. the magnitude of the potential misstatement resulting from the deficiency; and 


2. whether there is a reasonable possibility that the control will fail to prevent, or detect and 
correct, a material misstatement. 
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As indicated previously, indicators of material weaknesses include senior management fraud, 
restatement of previous financial statements to correct a material error, identification by the 
auditor of a material misstatement that the entity's controls would not have detected, and 
ineffective oversight by those charged with governance. A control weakness may be a material 
weakness even if no misstatement actually occurred. 


Compensating controls, if tested and found to be operating effectively, may limit the severity of 
an identified deficiency and prevent it from being a material weakness. 


7 Forming an Opinion (Issuers and Nonissuers) 


The auditor should form an opinion about the effectiveness of internal control. The auditor 
should base this opinion on all available evidence, including both evidence obtained from the 
financial statement audit and evidence obtained during the audit of ICFR. 


After forming an opinion on the effectiveness of the entity's internal control over financial 
reporting, the auditor should evaluate management's report on internal control. 


Management's report should: 
= Indicate that management is responsible for internal control. 
= Describe the subject matter (e.g., controls over financial statement preparation). 


= Identify the criteria used by management to measure the effectiveness of the entity's 
internal control. 


=m Include a statement of management's assessment about the effectiveness of internal 
control, including an "as of" date. The "as of" date should be the end of the entity's most 
recent fiscal year. 


= Describe any material weaknesses identified by management. 


=m Ifthe auditor determines that the required disclosures for one or more material weaknesses 
have not been included in management's report, this should be stated in the auditor's 
report. The auditor's report should include a description of each material weakness not 
included in management's report. 


=  Ifmanagement's report is incomplete or improperly presented, the auditor should modify 
his or her own report to discuss the situation. If management refuses to supply a report, the 
auditor should withdraw from the engagement. 


=m Ifmanagement's report contains additional information beyond that noted above, the 
auditor should read the additional information to ensure that there are no material 
inconsistencies with management's report and disclaim an opinion on such information. For 
example, if the report states that management believes the cost of correcting a weakness 
would exceed the benefits to be derived from implementing new policies and procedures, 
the auditor should disclaim an opinion on management's "cost-benefit statement”: 


We did not perform auditing procedures on management's cost-benefit statement and, 
accordingly, we do not express an opinion or provide any assurance on it. 
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8 Financial Statement Audit vs. Audit of ICFR 
(Nonissuers) 


8.1 Differences Between the Two Engagements 


8.1.1 Purpose 


The purpose of an audit of the effectiveness of an entity's internal control is to express an opinion 
about whether the entity maintained, in all material respects, effective internal control as of a point 
in time based on the control criteria. The purpose of an auditor's consideration of internal control 
in an audit of financial statements conducted in accordance with GAAS is to enable the auditor to 
plan the audit and determine the nature, extent, and timing of tests to be performed. 


8.1.2 Relevant Period 


An audit of ICFR results in an opinion on internal control as of a point in time, and an opinion on 
financial statements relates to a longer period, such as a year. 


8.1.3 Extent of Testing 


An auditor's consideration of internal control in a financial statement audit is more limited 

than that of an auditor engaged to audit the effectiveness of the entity's internal control. In 
order to render an opinion on internal control, the auditor should obtain evidence about the 
effectiveness of selected controls over a// relevant assertions. In a financial statement audit, the 
auditor is not required to test controls over a// relevant assertions (for example, if a substantive 
approach is to be used instead). 


8.1.4 Communication of Control Deficiencies 


In a financial statement audit, the communication of significant deficiencies and material 
weaknesses must be made within 60 days of the report release date, whereas in an audit of 
ICFR, the communication must be made by the report release date. 


In a financial statement audit, the communication of significant deficiencies and material 
weaknesses should include restricted-use language, but in an audit of ICFR, no restriction on the 
use of the report is required. 


8.2 Interrelationships Between the Two Engagements 


The results from one type of engagement should be considered in performing the other type 
of engagement. 


= In forming an opinion on internal control, the auditor should consider the results of tests of 
controls performed as part of the financial statement audit. 


= In concluding on the effectiveness of controls as part of the financial statement audit, the 
auditor should consider the results of tests performed as part of the internal control audit. 


m= If during the audit of ICFR a deficiency is noted, the auditor should consider this deficiency 
in determining the nature, timing, and extent of substantive tests in the financial statement 
audit. 


= The auditor should consider whether any observations made during the financial 
statement audit impact the auditor's opinion on internal control. For example, identified 
misstatements might imply that controls are not functioning effectively. 


e Note that the absence of misstatements does not imply operating effectiveness, 
although it may affect the auditor's assessment of risk. 
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an Integrated Audit 


1. Communications With Management and Those 
Charged With Governance (Nonissuers Only) 


1.1 Significant Deficiencies and Material Weaknesses 


The auditor should communicate to management and those charged with governance, in writing, 
all significant deficiencies and material weaknesses found during the audit of the internal controls 
of a nonissuer (including those remediated during the integrated audit and those that were 
previously communicated in writing, but which have not been corrected). 


=m Such communication generally should be made by the report release date. 


= Significant deficiencies and material weaknesses that were previously communicated in 
writing, but which have not been corrected, may be communicated by referring to the 
previously issued written communication and the date of the communication. 


=m The auditor may choose to communicate significant matters earlier, during the course of 
the integrated audit, but this does not negate the requirement for a written communication, 
even if the deficiencies were corrected during the audit. 


1.1.1 Sample Communication: To Management and Those Charged With Governance 


To Management and [identify the body or individuals charged with governance, such 
as the entity's board of directors] of ABC Company: 


In connection with our audit of ABC Company's (the Company) financial 
statements as of December 31, 20XX, and for the year then ended, and our audit 
of the Company's internal control over financial reporting as of December 31, 
20XX (integrated audit), auditing standards generally accepted in the United 
States of America require that we advise you of the following matters relating to 
internal control over financial reporting (internal control) identified during our 
integrated audit. 


Our responsibility is to plan and perform our integrated audit to obtain 
reasonable assurance about whether the financial statements are free from 
material misstatement, whether due to fraud or error, and whether effective 
internal control was maintained in all material respects (that is, whether material 
weaknesses exist as of the date specified in management's assessment). The 
integrated audit is not designed to detect deficiencies that, individually or in 
combination, are less severe than a material weakness. 


(continued) 
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(continued) 


A deficiency in internal control exists when the design or operation of a control 
does not allow management or employees, in the normal course of performing 
their assigned functions, to prevent, or detect and correct, misstatements on a 
timely basis. A material weakness is a deficiency, or a combination of deficiencies, 
in internal control, such that there is a reasonable possibility that a material 
misstatement of the entity's financial statements will not be prevented, or 
detected and corrected, on a timely basis. [We consider the following deficiencies in 
the Company's internal control to be material weaknesses:] 


[Describe the material weaknesses that were identified during the integrated audit 
and provide an explanation of their potential effects. The auditor may separately 
identify those material weaknesses that exist as of the date specified in management's 
assessment about ICFR by referring to the auditor's report.] 


[A significant deficiency is a deficiency, or a combination of deficiencies, in internal 
control that is less severe than a material weakness, yet important enough to merit 
attention by those charged with governance. We consider the following deficiencies in 
the Company's internal control over financial reporting to be significant deficiencies:] 


[Describe the significant deficiencies that were identified during the integrated audit 
and provide an explanation of their potential effects.] 


This communication is intended solely for the information and use of 
management [identify the body or individuals charged with governance], others 
within the organization, and [identify any governmental authorities to which the 
auditor is required to report], and is not intended to be and should not be used by 
anyone other than these specified parties. 


[Auditor's signature] 
[Auditor's city and state] 
[Date of the auditor's report] 


1.2 All Deficiencies 


The auditor should communicate to management, in writing, all deficiencies identified during the 
integrated audit (i.e., even those that do not rise to the level of being significant deficiencies or 
material weaknesses). 


A5-14 


This written communication should be made no /ater than 60 days following the report 
release date. The auditor should also inform those charged with governance when such a 
communication has been made. Deficiencies previously communicated in writing need not 
be repeated. 


If the auditor concludes that the oversight of financial reporting and internal control by the 
company's audit committee (or similar body) is ineffective, the auditor must communicate 
that conclusion in writing to the board of directors. 


The auditor is not required to search for control deficiencies that are less severe than a 
material weakness, but those that are identified should be reported. 
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= An audit does not provide assurance that all deficiencies less severe than a material weakness 
have been identified, so the auditor should not issue a report stating that no such deficiencies 
were noted. The auditor also should not issue a report stating that no material weaknesses 
were identified. 


Communication of Deficiencies in Internal Control (Nonissuer) 


Communicate 
the deficiency Communication 
Communicate to those Communication | should be made 
the deficiency to charged with should be made | within 60 days 
management, governance, in by the report of the report 
in writing. writing. release date. release date. 
Control deficiency v v 
Significant deficiency v v v 
Material weakness v v v 


2 Communications With Management 
and the Audit Committee (Issuers Only) 


The auditor must communicate, in writing, to management and the audit committee, all material 
weaknesses identified during the audit. The written communication should be made prior to the 
issuance of the auditor's report on internal control over financial reporting. 


= The auditor is required to communicate any identified significant deficiencies, in writing, to the 
audit committee. 


= The auditor should communicate to management, in writing, all deficiencies in internal control 
over financial reporting (i.e., those deficiencies in internal control over financial reporting 
that are of a lesser magnitude than material weaknesses) identified during the audit and 
inform the audit committee when such a communication has been made. 


= Ifthe auditor concludes that the oversight of financial reporting and internal control by the 
company's audit committee is ineffective, the auditor must communicate that conclusion in 
writing to the board of directors. 


= The auditor is not required to search for control deficiencies or significant deficiencies, but 
those that are identified should be communicated. 


= An audit does not provide assurance that all control deficiencies or all significant 
deficiencies have been identified, so the auditor should not issue a report stating that no 
such deficiencies were noted. 


m= The PCAOB has not provided sample communications to management or the audit committee. 
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Communication of Deficiencies in Internal Control (Issuer) 


Communicate the Communication 
deficiency to management, (to management and the audit 
in writing, and inform Communicate the | committee) should be made 
the audit committee deficiency to the prior to the issuance of 
that this communication audit committee, | the auditor's report on 
has been made. in writing. internal control. 

Control deficiency v v 

Significant deficiency v v v 

Material weakness v v v 


3 Reporting on Internal Control (Nonissuers) 


The auditor must report directly on the effectiveness of the entity's internal control. 


3.1 Separate or Combined Reports 


The auditor is required to report on both the company's financial statements and on its internal 
control over financial reporting. Two separate reports, or one combined report (that is, one 
report containing both an opinion on the financial statements and an opinion on internal 
control), may be issued. 


3.1.1 Separate Reports 


If separate reports are issued, each report should contain a separate paragraph within the 
"Opinion" section of each auditor's report making reference to the other report and indicating 
the nature of the opinion expressed. 


3.1.2 Sample Report: Separate Report on Internal Control 
Over Financial Reporting (Nonissuer) 


Independent Auditor's Report 
[Appropriate Addressee] 
Report on Internal Control Over Financial Reporting 
Opinion on Internal Control Over Financial Reporting 


We have audited ABC Company's internal control over financial reporting as of 
December 31, 20XX, based on [identify criteria]. In our opinion, ABC Company 
maintained, in all material respects, effective internal control over financial 
reporting as of December 21, 20XX, based on [identify criteria]. 


(continued) 
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(continued) 


We also have audited, in accordance with auditing standards generally accepted 
in the United States of America (GAAS), the [identify financial statements] of ABC 
Company, and our report dated [date of report, which should be the same as the 
date of the report on the audit of ICFR] expressed [include nature of opinion]. 


Basis for Opinion 


We conducted our audit in accordance with GAAS. Our responsibilities under 
those standards are further described in the Auditor's Responsibilities for the 
Audit of Internal Control Over Financial Reporting section of our report. We are 
required to be independent of ABC Company and to meet our other ethical 
responsibilities, in accordance with the relevant ethical requirements relating to 
our audit. We believe that the audit evidence we have obtained is sufficient and 
appropriate to provide a basis for our audit opinion. 


Responsibilities of Management for Internal Control 
Over Financial Reporting 


Management is responsible for designing, implementing, and maintaining 
effective internal control over financial reporting, and for its assessment about 
the effectiveness of internal control over financial reporting, included in the 
accompanying [title of management's report]. 


Auditor's Responsibilities for the Audit of Internal Control 
Over Financial Reporting 


Our objectives are to obtain reasonable assurance about whether effective 
internal control over financial reporting was maintained in all material respects 
and to issue an auditor's report that includes our opinion on internal control over 
financial reporting. Reasonable assurance is a high level of assurance but is not 
absolute assurance and therefore is not a guarantee that an audit of internal 
control over financial reporting conducted in accordance with GAAS will always 
detect a material weakness when it exists. 


In performing an audit of internal control over financial reporting in accordance 
with GAAS, we: 


* Exercise professional judgment and maintain professional skepticism 
throughout the audit. 


* Obtain an understanding of internal control over financial reporting, assess 
the risks that a material weakness exists, and test and evaluate the design and 
operating effectiveness of internal control over financial reporting based on the 
assessed risk. 


(continued) 
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Definition and Inherent Limitations of Internal Control 
Over Financial Reporting 


An entity's internal control over financial reporting is a process effected by 

those charged with governance, management, and other personnel, designed 

to provide reasonable assurance regarding the preparation of reliable financial 
statements in accordance with [applicable financial reporting framework, such as 
accounting principles generally accepted in the United States of America]. An entity's 
internal control over financial reporting includes those policies and procedures 
that (1) pertain to the maintenance of records that, in reasonable detail, accurately 
and fairly reflect the transactions and dispositions of the assets of the entity; 

(2) provide reasonable assurance that transactions are recorded as necessary to 
permit preparation of financial statements in accordance with [applicable financial 
reporting framework, such as accounting principles generally accepted in the United 
States of America], and that receipts and expenditures of the entity are being made 
only in accordance with authorizations of management and those charged with 
governance; and (3) provide reasonable assurance regarding prevention, or timely 
detection and correction of unauthorized acquisition, use, or disposition of the 
entity's assets that could have a material effect on the financial statements. 


Because of its inherent limitations, internal control over financial reporting 

may not prevent, or detect and correct, misstatements. Also, projections of any 
assessment of effectiveness to future periods are subject to the risk that controls 
may become inadequate because of changes in conditions, or that the degree of 
compliance with the policies or procedures may deteriorate. 


Report on Other Legal and Regulatory Requirements 


[The form and content of this section of the auditor's report would vary depending on 
the nature of the auditor's other reporting responsibilities. ] 

[Signature of the auditor's firm] 

[City and state where the auditor's report is issued] 

[Date of the auditor's report] 


Pass Key 


The examiners have focused many questions in prior exams on the "inherent 
limitations paragraph." 
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The following paragraph should be added to the separate report on the financial statements 
(nonissuer): 


Report on Audit of ICFR 


We also have audited, in accordance with auditing standards generally accepted 
in the United States of America, [entity name]'s internal control over financial 
reporting as of December 31, 20X8, based on [identify criteria] and our report 
dated [date of report, which should be the same as the date of the report on the 
financial statements] expressed [include nature of opinion]. 


3.1.3 Sample Report: Combined Report on Internal Control Over 
Financial Reporting and on the Financial Statements (Nonissuer) 


Independent Auditor's Report 
[Appropriate Addressee] 
Report on the Financial Statements and Internal Control 


Opinions on the Financial Statements and Internal Control 
Over Financial Reporting 


We have audited the financial statements of ABC Company, which comprise the 
balance sheet as of December 31, 20XX, and the related statements of income, 
changes in stockholders' equity, and cash flows for the year then ended, and 
the related notes to the financial statements. In our opinion, the accompanying 
financial statements present fairly, in all material respects, the financial position 
of ABC Company as of December 31, 20XX, and the results of its operations and 
its cash flows for the year then ended in accordance with accounting principles 
generally accepted in the United States of America. 


We also have audited ABC Company's internal control over financial reporting as 
of December 31, 20XX, based on [identify criteria]. In our opinion, ABC Company 
maintained, in all material respects, effective internal control over financial 
reporting as of December 31, 20XX, based on [identify criteria]. 


Basis for Opinions 


We conducted our audits in accordance with auditing standards generally 
accepted in the United States of America (GAAS). Our responsibilities under those 
standards are further described in the Auditor's Responsibilities for the Audits of 
the Financial Statements and Internal Control Over Financial Reporting section of 
our report. We are required to be independent of ABC Company and to meet our 
other ethical responsibilities, in accordance with the relevant ethical requirements 
relating to our audits. We believe that the audit evidence we have obtained is 
sufficient and appropriate to provide a basis for our audit opinions. 


(continued) 
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Responsibilities of Management for the Financial Statements 
and Internal Control Over Financial Reporting 


Management is responsible for the preparation and fair presentation of 

the financial statements in accordance with accounting principles generally 
accepted in the United States of America, and for the design, implementation, 
and maintenance of effective internal control over financial reporting relevant 
to the preparation and fair presentation of financial statements that are free 
from material misstatement, whether due to fraud or error. Management is also 
responsible for its assessment about the effectiveness of internal control over 
financial reporting, included in the accompanying [title of management's report]. 


In preparing the financial statements, management is required to evaluate 
whether there are conditions or events, considered in the aggregate, that raise 
substantial doubt about ABC Company's ability to continue as a going concern 
[insert the time period set by the applicable financial reporting framework]. 


Auditor's Responsibilities for the Audits of the Financial Statements 
and Internal Control Over Financial Reporting 


Our objectives are to obtain reasonable assurance about whether the financial 
statements as a whole are free from material misstatement, whether due to fraud 
or error, and about whether effective internal control over financial reporting was 
maintained in all material respects, and to issue an auditor's report that includes 
our opinions. 


Reasonable assurance is a high level of assurance but is not absolute assurance 
and therefore is not a guarantee that an audit of financial statements or an audit 
of internal control over financial reporting conducted in accordance with GAAS will 
always detect a material misstatement or a material weakness when it exists. The 
risk of not detecting a material misstatement resulting from fraud is higher than 
for one resulting from error, as fraud may involve collusion, forgery, intentional 
omissions, misrepresentations, or the override of internal control. Misstatements 
are considered to be material if there is a substantial likelihood that, individually 
or in the aggregate, they would influence the judgment made by a reasonable 
user based on the financial statements. 


In performing an audit of financial statements and an audit of internal control 
over financial reporting in accordance with GAAS, we: 


« Exercise professional judgment and maintain professional skepticism 
throughout the audits. 


* Identify and assess the risks of material misstatement of the financial 
statements, whether due to fraud or error, and design and perform audit 
procedures responsive to those risks. Such procedures include examining, on 
a test basis, evidence regarding the amounts and disclosures in the financial 
statements. 


(continued) 
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(continued) 


* Obtain an understanding of internal control relevant to the statement audit in 
order to design audit procedures that are appropriate in the circumstances. 


* Obtain an understanding of internal control over financial reporting relevant to the 
audit of internal control over financial reporting, assess the risks that a material 
weakness exists, and test and evaluate the design and operating effectiveness of 
internal control over financial reporting based on the assessed risk. 


« Evaluate the appropriateness of accounting policies used and the 
reasonableness of significant accounting estimates made by management, as 
well as evaluate the overall presentation of the financial statements. 


* Conclude whether, in our judgment, there are conditions or events, considered 
in the aggregate, that raise substantial doubt about ABC Company's ability to 
continue as a going concern for a reasonable period of time. 


We are required to communicate with those charged with governance regarding, 
among other matters, the planned scope and timing of the audit, significant audit 
findings, and certain internal control-related matters that we identified during the 
financial statement audit. 


Definition and Inherent Limitations of Internal Control 
Over Financial Reporting 


An entity's internal control over financial reporting is a process effected by those 
charged with governance, management, and other personnel, designed to provide 
reasonable assurance regarding the preparation of reliable financial statements 

in accordance with accounting principles generally accepted in the United States 
of America. An entity's internal control over financial reporting includes those 
policies and procedures that (1) pertain to the maintenance of records that, in 
reasonable detail, accurately and fairly reflect the transactions and dispositions 

of the assets of the entity; (2) provide reasonable assurance that transactions are 
recorded as necessary to permit preparation of financial statements in accordance 
with accounting principles generally accepted in the United States of America, and 
that receipts and expenditures of the entity are being made only in accordance 
with authorizations of management and those charged with governance; and 

(3) provide reasonable assurance regarding prevention, or timely detection and 
correction of unauthorized acquisition, use, or disposition of the entity's assets 
that could have a material effect on the financial statements. 


Because of its inherent limitations, internal control over financial reporting 

may not prevent, or detect and correct, misstatements. Also, projections of any 
assessment of effectiveness to future periods are subject to the risk that controls 
may become inadequate because of changes in conditions, or that the degree of 
compliance with the policies or procedures may deteriorate. 

Report on Other Legal and Regulatory Requirements 


[The form and content of this section of the auditor's report would vary depending on 
the nature of the auditor's other reporting responsibilities.] 


[Signature of the auditor's firm] 
[City and state where the auditor's report is issued] 
[Date of the auditor's report] 
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3.2. Report Date 


The report should be dated no earlier than the date on which sufficient appropriate evidence 
has been obtained. 


The date of the report on internal control should coincide with the date of the audit report on 
the financial statements. 


3.3. Material Weakness in Internal Control 
3.3.1 Adverse Opinion 


The presence of a material weakness in internal control results in an adverse opinion. The 
auditor's report should include a paragraph within the "Basis for Adverse Opinion on Internal 
Control Over Financial Reporting" section, defining the term "material weakness," stating that 
one or more material weaknesses were noted, and referring to the material weakness described 
in management's assertion. Following the opinion paragraph, the report should include a basis 
for opinion paragraph: 


Adverse Opinion on Internal Control Over Financial Reporting 


We have audited ABC Company's internal control over financial reporting as of 
December 31, 20XX, based on [identify criteria]. In our opinion, because of the 
effect of the material weakness described in the Basis for Adverse Opinion section 
on the achievement of the objectives of [identify criteria], ABC Company has not 
maintained effective internal control over financial reporting as of December 31, 
20XX, based on [identify criteria]. 


We also have audited, in accordance with auditing standards generally accepted 
in the United States of America (GAAS), the [identify financial statements] of ABC 
Company, and our report dated [date of report, which should be the same as the 
date of the report on the audit of ICFR] expressed [include nature of opinion]. 


We considered the material weakness described in the Basis for Adverse 
Opinion on Internal Control Over Financial Reporting section in determining the 
nature, timing, and extent of audit procedures applied in our audit of the 20XX 
financial statements, and this report does not affect such report on the financial 
statements. 


Basis for Adverse Opinion on Internal Control Over Financial Reporting 


A material weakness is a deficiency, or a combination of deficiencies, in internal 
control over financial reporting, such that there is a reasonable possibility that a 
material misstatement of the entity's financial statements will not be prevented, 
or detected and corrected, on a timely basis. The following material weakness has 
been identified and included in the accompanying [title of management's report]. 


[/dentify the material weakness described in management's report.] 


We conducted our audit in accordance with GAAS. Our responsibilities under 
those standards are further described in the Auditor's Responsibilities for the 
Audit of Internal Control Over Financial Reporting section of our report. We are 
required to be independent of ABC Company and to meet our other ethical 
responsibilities, in accordance with the relevant ethical requirements relating to 
our audit. We believe that the audit evidence we have obtained is sufficient and 
appropriate to provide a basis for our audit opinion. 
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3.3.2 Other Considerations 


= Ifmanagement's report fails to include one or more material weaknesses identified by the 
auditor, the auditor's report should state this, and should describe the omitted weaknesses. 
The auditor also should communicate this situation, in writing, to those charged 
with governance. 


=m If management's report includes a material weakness but does not fairly present the 
weakness, the auditor's report should indicate this situation and should fairly describe the 
material weakness. 


=m The auditor should consider the effect of this adverse opinion on the financial statement 
opinion, and should indicate whether the opinion on the financial statements was affected 
by the material weaknesses. 


4 Reporting on Internal Control (Issuers) 


The auditor is required to report on both the company's financial statements and on its internal 
control over financial reporting. Two separate reports, or one combined report (that is, one 
report containing both an opinion on the financial statements and an opinion on internal 
control), may be issued. 


4.1 Separate or Combined Reports 


If separate reports are issued, each report should contain an explanatory paragraph making 
reference to the other report and indicating the nature of the opinion expressed. 


4.1.1 Sample Report: Separate Report on Internal Control 
Over Financial Reporting (Issuer) 


Report of Independent Registered Public Accounting Firm 
To the shareholders and the board of directors of W Company: 


Opinion on the Internal Control Over Financial Reporting 


We have audited the Company's internal control over financial reporting as 

of December 31, 20X8, based on [identify control criteria, for example, "criteria 
established in Internal Control-Integrated Framework: (20XX) issued by the Committee 
of Sponsoring Organizations of the Treadway Commission (COSO)"]. In our opinion, 
the Company maintained, in all material respects, effective internal control over 
financial reporting as of December 31, 20X8, based on [identify control criteria, for 
example, "criteria established in Internal Control-Integrated Framework: (20XX) issued 
by COSO"). 


We also have audited, in accordance with the standards of the Public Company 
Accounting Oversight Board (United States) (PCAOB), the [identify financial 
statements] of W Company and our report dated [date of report, which should be 
the same as the date of the report on the effectiveness of internal control over financial 
reporting] expressed [include nature of opinion]. 


(continued) 
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Basis for Opinion 


The Company's management is responsible for these financial statements, 

for maintaining effective internal control over financial reporting, and for its 
assessment of the effectiveness of internal control over financial reporting, 
included in the accompanying [title of management's report]. Our responsibility is 
to express an opinion on the company's internal control over financial reporting 
based on our audits. We are a public accounting firm registered with the Public 
Company Accounting Oversight Board (United States) (PCAOB) and are required to 
be independent with respect to the Company in accordance with the U.S. federal 
securities laws and the applicable rules and regulations of the Securities and 
Exchange Commission and the PCAOB. 


We conducted our audit in accordance with the standards of the PCAOB. Those 
standards require that we plan and perform the audits to obtain reasonable 
assurance about whether effective internal control over financial reporting was 
maintained in all material respects. 


Our audit of internal control over financial reporting included obtaining an 
understanding of internal control over financial reporting, assessing the risk that 

a material weakness exists, and testing and evaluating the design and operating 
effectiveness of internal control based on the assessed risk. Our audit also included 
performing such other procedures as we considered necessary in the circumstances. 
We believe that our audit provides a reasonable basis for our opinion. 


Definition and Limitations of Internal Control Over Financial Reporting 


A company's internal control over financial reporting is a process designed to provide 
reasonable assurance regarding the reliability of financial reporting and the preparation 
of financial statements for external purposes in accordance with generally accepted 
accounting principles. A company's internal control over financial reporting includes 
those policies and procedures that (1) pertain to the maintenance of records that, in 
reasonable detail, accurately and fairly reflect the transactions and dispositions of the 
assets of the company; (2) provide reasonable assurance that transactions are recorded 
as necessary to permit preparation of financial statements in accordance with generally 
accepted accounting principles, and that receipts and expenditures of the company 

are being made only in accordance with authorizations of management and directors 
of the company; and (3) provide reasonable assurance regarding prevention or timely 
detection of unauthorized acquisition, use, or disposition of the company's assets that 
could have a material effect on the financial statements. 


Because of its inherent limitations, internal control over financial reporting may 
not prevent or detect misstatements. Also, projections of any evaluation of 
effectiveness to future periods are subject to the risk that controls may become 
inadequate because of changes in conditions, or that the degree of compliance 
with the policies or procedures may deteriorate. 


[Signature] 

We have served as the Company's auditor since [year]. 
[City and state or country] 

[Date] 
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The following paragraph (no heading for this paragraph) should be added immediately following 
the opinion paragraph in the separate report on the financial statements. 


We also have audited, in accordance with the standards of the Public Company 
Accounting Oversight Board (United States) (PCAOB), the effectiveness of X 
Company's internal control over financial reporting as of December 31, 20X3, 
based on [identify control criteria] and our report dated [date of report, which should 
be the same as the date of the report on the financial statements] expressed [include 
nature of opinions]. 


4.1.2 Sample Report: Combined Report on Internal Control Over 
Financial Reporting and on the Financial Statements (Issuer) 


Report of Independent Registered Public Accounting Firm 
To the shareholders and the board of directors of W Company: 
Opinions on the Financial Statements and Internal Control Over Financial Reporting 


We have audited the accompanying balance sheets of W Company (the "Company") as 

of December 31, 20X8 and 20X7, and the related statements of income, comprehensive 
income, stockholders' equity, and cash flows for each of the years in the two-year period 
ended December 31, 20X8, and the related notes [and schedules] (collectively referred to 

as the "financial statements"). We also have audited the Company's internal control over 
financial reporting as of December 31, 20X8, based on [identify control criteria, for example, 
"criteria established in Internal Control-Integrated Framework: (20XX) issued by the Committee of 
Sponsoring Organizations of the Treadway Commission (COSO)"). 


In our opinion, the financial statements referred to above present fairly, in all material 
respects, the financial position of the Company as of December 31, 20X8 and 20X7, and 
the results of its operations and its cash flows for each of the years in the two-year period 
ended December 31, 20X8, in conformity with accounting principles generally accepted in 
the United States of America. Also in our opinion, the Company maintained, in all material 
respects, effective internal control over financial reporting as of December 31, 20X8, based 
on [identify control criteria, for example, "criteria established in Internal Control-Integrated 
Framework: (20XX) issued by COSO"). 


Basis for Opinion 


The Company's management is responsible for these financial statements, for maintaining 
effective internal control over financial reporting, and for its assessment of the 
effectiveness of internal control over financial reporting, included in the accompanying 
[title of management's report]. Our responsibility is to express an opinion on the Company's 
financial statements and an opinion on the Company's internal control over financial 
reporting based on our audits. We are a public accounting firm registered with the Public 
Company Accounting Oversight Board (United States) (PCAOB) and are required to be 
independent with respect to the Company in accordance with the U.S. federal securities 
laws and the applicable rules and regulations of the Securities and Exchange Commission 
and the PCAOB. 
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We conducted our audits in accordance with the standards of the PCAOB. Those standards 
require that we plan and perform the audits to obtain reasonable assurance about whether 
the financial statements are free of material misstatement, whether due to error or fraud, 
and whether effective internal control over financial reporting was maintained in all 
material respects. 


Our audits of the financial statements included performing procedures to assess the risks 
of material misstatement of the financial statements, whether due to error or fraud, and 
performing procedures that respond to those risks. Such procedures included examining, 
on a test basis, evidence regarding the amounts and disclosures in the financial statements. 
Our audits also included evaluating the accounting principles used and significant estimates 
made by management, as well as evaluating the overall presentation of the financial 
statements. Our audit of internal control over financial reporting included obtaining an 
understanding of internal control over financial reporting, assessing the risk that a material 
weakness exists, and testing and evaluating the design and operating effectiveness of 
internal control based on the assessed risk. Our audits also included performing such other 
procedures as we considered necessary in the circumstances. We believe that our audits 
provide a reasonable basis for our opinions. 


Definition and Limitations of Internal Control Over Financial Reporting 


A company's internal control over financial reporting is a process designed to provide 
reasonable assurance regarding the reliability of financial reporting and the preparation 

of financial statements for external purposes in accordance with generally accepted 
accounting principles. A company's internal control over financial reporting includes those 
policies and procedures that (1) pertain to the maintenance of records that, in reasonable 
detail, accurately and fairly reflect the transactions and dispositions of the assets of the 
company; (2) provide reasonable assurance that transactions are recorded as necessary 

to permit preparation of financial statements in accordance with generally accepted 
accounting principles, and that receipts and expenditures of the company are being made 
only in accordance with authorizations of management and directors of the company; and 
(3) provide reasonable assurance regarding prevention or timely detection of unauthorized 
acquisition, use, or disposition of the company's assets that could have a material effect on 
the financial statements. 


Because of its inherent limitations, internal control over financial reporting may not prevent 
or detect misstatements. Also, projections of any evaluation of effectiveness to future 
periods are subject to the risk that controls may become inadequate because of changes in 
conditions, or that the degree of compliance with the policies or procedures may deteriorate. 


Critical Audit Matters 

[Include critical audit matters] 

[Signature] 

We have served as the Company's auditor since [year]. 
[City and state or country] 

[Date] 
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4.2 Report Date 


The report should be dated no earlier than the date on which sufficient appropriate evidence 
has been obtained. 


The date of the report on internal control should coincide with the date of the audit report on 
the financial statements. 


4.3. Material Weakness in Internal Control 


A material weakness requires the auditor to issue an adverse opinion. The auditor's report must 
include the definition of a material weakness, a statement that a material weakness has been 
identified and therefore the entity's internal control over financial reporting cannot be considered 
effective, and an identification of the material weakness described in management's assessment. 


= lf management's report fails to include one or more material weaknesses identified by the 
auditor, the auditor's report should state this, and should describe the omitted weaknesses. The 
auditor should also communicate this situation, in writing, to those charged with governance. 


=m If management's report includes a material weakness but does not fairly present the 
weakness, the auditor's report should indicate this situation and should fairly describe the 
material weakness. 


= The auditor should consider the effect of this adverse opinion on the financial statement 
opinion, and should indicate whether the opinion on the financial statements was affected 
by the material weaknesses. 


4.4 Reporting on a Previously Reported Internal Control Weakness 


In some cases, management's assessment of the company's internal control over financial 
reporting may reveal that the company has one or more material weaknesses. 


If the material weaknesses are subsequently eliminated, management may wish to 
communicate this fact to the investing public, and may also wish to have an independent 
auditor attest to the improvements in internal control. 


m An engagement to report on whether a previously reported internal control weakness 
continues to exist is a voluntary engagement, not required by professional standards. The 
engagement may be performed at any time during the year. 


= The auditor's objective is to express an opinion on whether a previously reported material 
weakness has been eliminated. 


=m The auditor may perform such an engagement only if: 


e Heor she has sufficient overall knowledge of both the company and its internal control 
over financial reporting. 


e Management accepts responsibility for the effectiveness of internal control, evaluates 
its effectiveness, asserts that internal control is effective, provides support for this 
assertion, and presents a written report that will accompany the auditor's report. 


= The auditor's testing is limited to the controls specifically identified by management as 
eliminating the material weakness. 


=m To issue an unmodified opinion, the auditor must obtain evidence about the design and 
operating effectiveness of the specifically identified controls, determine that the material 
weakness has been eliminated, and determine that no scope limitations were placed on the 
auditor's work. 
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5 Other Reporting Issues (Issuers and Nonissuers) 


5.1 Scope Limitations 


The auditor should withdraw from the engagement or issue a disclaimer of opinion if the scope 
of the audit is restricted. 


When disclaiming an opinion because of a scope limitation, the auditor should state that an 
opinion is not being expressed within the "Disclaimer of Opinion on Internal Control Over 
Financial Reporting" section and state the substantive reasons for the disclaimer within the 
"Basis for Disclaimer of Opinion on Internal Control Over Financial Reporting" section. Ina 
disclaimer of opinion, the auditor should: 


1. Modify the first sentence of the introductory paragraph slightly ("We were engaged to 
audit ...") and omit the last sentence. 


2. Omit the scope paragraph (issuer) or amend the auditor's responsibility paragraph 
(nonissuer) to state, "Our responsibility is to conduct an audit of ABC Company's internal 
control over financial reporting in accordance with GAAS. However, because of the matter 
described in the Basis for Disclaimer of Opinion on Internal Control Over Financial Reporting 
section, we were not able to obtain sufficient appropriate audit evidence to provide a basis 
for an audit opinion." 


3. Include a separate paragraph (issuer) or basis for disclaimer of opinion paragraph 
(nonissuer) describing the reason for the disclaimer. 


4. Revise the opinion paragraph, as shown below. 


5.1.1 Sample Opinion Paragraph: Disclaimer Due to Scope Limitation (Issuer) 


Because of the limitation on the scope of our audit described in the second 
paragraph, the scope of our work was not sufficient to enable us to express, 
and we do not express, an opinion on the effectiveness of W Company's internal 
control over financial reporting. 


5.1.2 Sample Opinion Paragraph: Disclaimer Due to Scope Limitation (Nonissuer) 


Disclaimer of Opinion on Internal Control Over Financial Reporting 


We were engaged to audit ABC Company's internal control over financial reporting 
as of December 31, 20XX, based on [identify criteria]. Because of the significance 

of the matter described in the Basis for Disclaimer of Opinion on Internal Control 
Over Financial Reporting section, we have not been able to obtain sufficient 
appropriate audit evidence to provide a basis for an audit opinion. Accordingly, we 
do not express an opinion on the effectiveness of ABC Company's internal control 
over financial reporting. 
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The auditor should also consider the following: 


m Language that might overshadow the disclaimer (e.g., a list of procedures performed or 
commonly performed) should not be used. 


= Any material weaknesses identified should be described, and the definition of a material 
weakness should be included, in the disclaimer. 


m=  [fthe auditor cannot express an opinion due to a scope limitation, management and those 
charged with governance should be informed, in writing. 


=m The auditor may issue a report disclaiming an opinion on internal controls as soon as 
the auditor concludes that a scope limitation will prevent the auditor from obtaining the 
assurance necessary to express an opinion. 


5.2 Use of Component Auditor (Other Auditor) 


As is the case with a financial statement audit, a component auditor (other auditor) may be 
involved in the audit of an entity's internal control. The group engagement partner (principal 
auditor) decides whether the involvement of the other auditor warrants reference in the 
auditor's report. 


The decision about whether to make reference to another auditor in the report on internal 
control is independent of the similar decision made with respect to the financial statement audit. 
The two decisions may differ. 


5.3. Subsequent Events 


As is the case with a financial statement audit, subsequent events (in this case, changes in 
internal control) may occur after the "as of" date of the report, but prior to the date of the 
auditor's report. 


= The auditor should: 
e — Inquire of management. 
e Obtain written representations from management. 
e Inquire about and examine documentation for the subsequent period. 


= If, before the date of the auditor's report, the auditor obtains information about a matter 
that existed on the "as of" date of the report, appropriate action should be taken (for 
example, an adverse opinion would be issued if a material weakness were discovered). 


= Ifthe auditor obtains information about conditions that arose subsequent to the "as 
of" date of the auditor's report, this information should be included in an explanatory 
paragraph of the report. 


= The auditor has no responsibility to keep informed with respect to events occurring after the 
date of the report, but if the auditor becomes aware of conditions that existed at the report 
date, appropriate action should be taken. 
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NOTES 
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Attestation Engagements 
and Standards 


1 ‘Introduction 


Attestation services are a type of engagement gaining in importance. Attest engagements have 
grown out of the need for independent expression of assurance on subject matters other than 
basic financial statements. 


1.1 Definitions and Key Concepts 


Attest engagements are defined as those in which a practitioner (CPA) is engaged to issue or 
does issue an examination, a review, or an agreed-upon procedures report on subject matter, 
or on an assertion about the subject matter, that is the responsibility of a party other than the 
practitioner (usually management). An attest engagement may be part of a larger engagement, 
such as a feasibility study or a business acquisition study. 


The purpose of an examination or review engagement is to provide users of information with 
an opinion (examination) or conclusion (review) regarding the underlying subject matter, as 
measured or evaluated against suitable and available criteria. The purpose of an agreed-upon 
procedures engagement is to provide users of information with the results of procedures 
performed by the practitioner on underlying subject matter or subject matter information and 
results in findings rather than in an opinion or conclusion. 


Underlying subject matter is defined as the phenomenon that is measured or evaluated by 
applying criteria (examination or review) or the phenomenon upon which procedures are 
performed (agreed-upon procedures). Subject matter information is the outcome of the 
measurement or evaluation of the underlying subject matter against criteria. An assertion about 
whether the underlying subject matter is in accordance with the criteria is a form of subject 
matter information. 


1.2 Attestation Engagements 


Statements on Standards for Attestation Engagements (SSAE) established by the AICPA provide 
information addressing attestation services for the following subject matters: 


=m Agreed-upon procedures 
Financial forecasts and projections 
Pro forma financial statements 
Compliance 


Management's discussion and analysis (MD&A) 


Reporting on controls at a service organization 
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Each type of attestation service allows a different combination of reporting options: 


Assertion-Based Agreed-Upon 
Attestation Service Examination Review Procedures 
Agreed-upon procedures v 
Prospective financial statements v v 
Pro forma financial statements v v 
Compliance v v 
MD&A v v 
Service organizations v 


Note that preparations and compilations are also allowed for prospective financial statements. 
However, with the issuance of SSAE 18, preparations and compilations of prospective financial 
statements are no longer addressed in the attestation standards and are instead governed by 
the SSARS standards. 


Via Pass Key 


The following standards apply to services a CPA may provide: 


° Audit Engagements: SAS (Statements on Auditing Standards); PCAOB standards 
for issuers 


e Preparation, Compilation, and Review Engagements: SSARS (Statements on 
Standards for Accounting and Review Services) 


e Attest Engagements: SSAE (Statements on Standards for Attestation Engagements) 


Statements on Standards for Attestation Engagements (SSAE) do not apply to: 

Audits 

Preparation, compilations, and reviews of the financial statements of nonissuers under SSARS 
Return preparation (income tax, franchise, other) 

Advocating for the client (litigation services) 


Providing consulting/advisory services 


Audits of internal controls over financial reporting 
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2 Attestation Standards 


2.1 Overview 


Attestation standards are intended to provide guidance and set boundaries around the 
increasingly broad variety of attestation services rendered by a CPA (also referred to as a 
practitioner). Attestation standards provide a measure of quality and describe the objectives to 
be achieved in an attestation engagement. 


Attestation standards are much broader in scope than GAAS and apply specifically to 
attestation engagements. They do not supersede any existing standards (SAS, SSARS) for 
other engagements. 


Attestation standards are a natural extension of GAAS but differ conceptually from GAAS in 
two ways: 


1. Noreference is made to historical financial statements. 
2. No reference is made to generally accepted accounting principles. 


In addition, attestation standards provide for services tailored to the needs of the user, who may 
directly participate in specifying either the nature and scope of the engagement or the criteria 
against which the assertions are measured or evaluated. (In such engagements, a limited use 
report is provided.) 


Attestation standards include a hierarchy similar to the GAAS hierarchy. 
= Departures from presumptively mandatory requirements must be justified. 


m Interpretative publications should be considered (with departures explained). Examples 
include: 


e Interpretations on the Statements on Standards for Attestation Engagements (SSAEs) 
e — Exhibits to SSAEs 

e Guidance on attestation engagements included in AICPA audit and accounting guides 
e AICPA attestation Statements of Position 


= Other attestation publications have no authoritative status but may be helpful. Examples 
include: 


e AICPA attestation publications not identified in interpretative publications 
e Attestation articles in the Journal of Accountancy and other professional journals 


e Continuing professional education materials, textbooks, guidebooks, attestation 
programs, checklists, and other attestation publications from state CPA societies, other 
organizations, and individuals 
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2.2 ©Common Concepts 


The attestation standards include guidance on concepts that are common to all attestation 
engagements. An easy way to remember these common concepts is with the mnemonic 
"CAPE CORP." 


Compliance with all attestation standards relevant to the engagement. 


e Inrare circumstances when the practitioner judges it necessary to depart from a 
relevant presumptively mandatory requirement, alternative procedures should be 
performed to achieve the intent of that requirement. 


Acceptance and continuance are satisfactorily performed for client relationships and 
attestation engagements. 


Preconditions for an attestation engagement are present, including: 


e The practitioner must be independent, except when required by law or regulation to 
accept the engagement. 


e The responsible party takes responsibility for the underlying subject matter. 


e The subject matter is appropriate, the criteria to be applied against the subject matter 
are appropriate, and the practitioner expects to be able to obtain the evidence needed, 
and the opinion, conclusion, or findings will be issued in a written report. 


Engagement documentation standards for timeliness, retention, ownership, and 
confidentiality apply. 


Acceptance of a change in the terms of the engagement as reasonable, when applicable. 
Using the work of an other practitioner is allowed. 


e The practitioner should perform appropriate due diligence on the other practitioner's 
independence, professional competence, willingness to comply with ethical 
requirements, and adequate performance of work. 


Responsibility for quality control, including: 


e The engagement partner should take responsibility for the overall quality of the 
attestation engagement, including remaining alert for any evidence of noncompliance 
with relevant ethical requirements. 


e The engagement team and any specialists have the appropriate competence and 
capabilities and are informed of their responsibilities, the objectives of procedures, and 
matters that may affect the nature, extent, and timing of procedures. 


e  Ifan engagement quality control review is required for an engagement, the engagement 
partner is responsible for discussing with the reviewer significant findings or issues and 
should not release the practitioner's report until completion of the engagement quality 
control review. 


Professional skepticism and professional judgment must be maintained throughout the 
planning and performance of an attestation engagement. 
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2.3. Attestation Risk 


In an examination or review engagement, attestation risk is the risk that the practitioner expresses 
an inappropriate opinion or conclusion, as applicable, when the subject matter information or 
assertion is materially misstated. Attestation risk is very similar to the audit risk model. 


Note that attestation risk does not apply to agreed-upon procedures engagements, as such 
engagements involve performing specific procedures on underlying subject matter or subject 
matter information and reporting findings without providing an opinion or conclusion. 


In general, attestation risk can be represented by the following three components, although not 
all of these components will necessarily be present or significant for all engagements: 


1. Inherent Risk 


The susceptibility of the underlying subject matter to a material misstatement before 
consideration of any related controls. Inherent risk exists independent of the engagement. 
The practitioner cannot change this risk, but can change the assessment of the risk. 


2. Control Risk 


The risk that a material misstatement that could occur in the underlying subject matter will 
not be prevented, or detected and corrected, on a timely basis by the appropriate party's 
internal control. Control risk exists independent of the engagement. The practitioner cannot 
change this risk, but can change the assessment of the risk. 


The stronger the system of controls, the greater the reliance that may be placed on the 
controls, and the fewer the tests of details (or the lower the quality of evidence) required. 


3. Detection Risk 
The risk that the practitioner will not detect material misstatement that exists. Detection risk 
relates to the practitioner's procedures. The practitioner can change this risk by varying the 
nature, extent, or timing of procedures. 


As the acceptable level of detection risk decreases, the assurance provided by tests of 
details should increase. 


. , Inherent risk Control risk Detection risk 
Attestation risk _ (assessed by x (assessed by x (controlled by 
(should be low) practitioner) practitioner) practitioner) 
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2.4 Additional Reporting Requirements 


The following reporting requirements also should be considered. 


=m The report may be issued on the assertion itself (e.g., "We have examined management's 
assertion that the accompanying schedule ...") or on the subject matter to which the 
assertion relates (e.g., "We have examined the accompanying schedule ... "). 


e Ineither case, a written assertion is generally obtained in an assertion-based 
examination, review, and agreed-upon procedure engagements. 


e Anassertion is not obtained in a direct examination engagement. In such engagement, 
the practitioner measures or evaluates the underlying subject matter against the criteria 
and performs other procedures to obtain evidence and express an opinion. 


e When there are material misstatements or deviations from the criteria, the report should 
be modified and the conclusion should be expressed directly on the subject matter. 


= If reporting on the assertion, it should accompany the practitioner's report or the assertion 
should be clearly stated in the report. 


=™ Concerns about the assertion, conformity with the criteria, or the adequacy of disclosure 
can result in a qualified or adverse opinion for an examination engagement, or in a modified 
conclusion for a review engagement. 


2.4.1 Scope Restrictions 


= Examination: Restrictions on the scope of an examination engagement may result in 
a qualified opinion, disclaimer of opinion, or in the practitioner's withdrawal from the 
engagement. 


= Review: Restrictions on the scope of a review engagement that prevent necessary 
procedures from being performed result in the practitioner's withdrawal from the 
engagement. 


3 Examination and Review Engagements and Reporting 


Examination and review engagements include three distinct types of engagements, including 
assertion-based examinations, direct examinations, and review engagements. 


3.1 Assertion-Based Examination Engagements 


An examination provides a positive opinion, high level of assurance, generally based on a 
variety of procedures, including search, verification, inquiry, and analysis. In an assertion-based 
examination, a party other than the practitioner measures or evaluates the underlying subject 
matter against criteria and provides an assertion about the outcome of the measurement or 
evaluation. The practitioner then expresses an opinion about whether the underlying subject 
matter is in accordance with (or based on) the criteria or on the responsible party's assertion. 
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3.1.1 Sample Report: Assertion-Based Examination Report on a Subject Matter 


Independent Accountant's Report 
[Appropriate Addressee] 


We have examined [identify the subject matter, for example, the accompanying 
schedule of investment returns of XYZ Company for the year ended December 31, 
20XX]. XYZ Company's management is responsible for [identify the subject matter, 
for example, presenting the schedule of investment returns] in accordance with (or 
based on) [identify the criteria, for example, the ABC criteria set forth in Note 7]. Our 
responsibility is to express an opinion on [identify the subject matter, for example, 
the schedule of investment returns] based on our examination. 


Our examination was conducted in accordance with attestation standards 
established by the AICPA. Those standards require that we plan and perform the 
examination to obtain reasonable assurance about whether [identify the subject 
matter, for example, the schedule of investment returns] is in accordance with (or 
based on) the criteria, in all material respects. An examination involves performing 
procedures to obtain evidence about [identify the subject matter, for example, the 
schedule of investment returns]. The nature, timing, and extent of the procedures 
selected depend on our judgment, including an assessment of the risks of material 
misstatement of [identify the subject matter, for example, the schedule of investment 
returns], whether due to fraud or error. We believe that the evidence we obtained 
is sufficient and appropriate to provide a reasonable basis for our opinion. 


We are required to be independent and to meet our other ethical responsibilities 
in accordance with relevant ethical requirements relating to the engagement. 


[Include a description of significant inherent limitations, if any, associated with the 
measurement or evaluation of the subject matter against the criteria.] 


[Additional paragraph(s) may be added to emphasize certain matters relating to the 
attestation engagement or the subject matter.] 


In our opinion, [identify the subject matter, for example, the schedule of investment 
returns of XYZ Company for the year ended December 31, 20XxX, or the schedule of 
investment returns referred to above] is presented in accordance with (or based 
on) [identify the criteria, for example, the ABC criteria set forth in Note 1], in all 
material respects. 

[Practitioner's signature] 

[Practitioner's city and state] 


[Date of the practitioner's report] 
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3.1.2 Sample Report: Assertion-Based Examination Report on an Assertion 


3.2 


Independent Accountant's Report 
[Appropriate Addressee] 


We have examined management of XYZ Company's assertion that [identify the 
assertion, including the subject matter and the criteria, for example, the accompanying 
schedule of investment returns of XYZ Company for the year ended December 31, 20XX, 
is presented in accordance with (or based on) the ABC criteria set forth in Note 1]. 

XYZ Company's management is responsible for its assertion. Our responsibility is 
to express an opinion on management's assertion based on our examination. 


Our examination was conducted in accordance with attestation standards 
established by the AICPA. Those standards require that we plan and perform 

the examination to obtain reasonable assurance about whether management's 
assertion is fairly stated, in all material respects. An examination involves 
performing procedures to obtain evidence about management's assertion. The 
nature, timing, and extent of the procedures selected depend on our judgment, 
including an assessment of the risks of material misstatement of management's 
assertion, whether due to fraud or error. We believe that the evidence we obtained 
is sufficient and appropriate to provide a reasonable basis for our opinion. 


We are required to be independent and to meet our other ethical responsibilities 
in accordance with relevant ethical requirements relating to the engagement. 


[Include a description of significant inherent limitations, if any, associated with the 
measurement or evaluation of the subject matter against the criteria.] 


[Additional paragraph(s) may be added to emphasize certain matters relating to the 
attestation engagement or the subject matter.] 


In our opinion, management's assertion that [identify the assertion, including the subject 
matter and the criteria, for example, the accompanying schedule of investment returns of 
XYZ Company for the year ended December 31, 20Xx, is presented in accordance with (or 
based on) the ABC criteria set forth in Note 1] is fairly stated, in all material respects. 
[Practitioner's signature] 

[Practitioner's city and state] 


[Date of the practitioner's report] 


Direct Examination Engagements 


In a direct examination engagement, the practitioner obtains reasonable assurance by 
measuring or evaluating the underlying subject matter against the criteria and by performing 
other procedures to obtain sufficient appropriate evidence to express an opinion that conveys 


the results of such measurement or evaluation. The responsible party does not provide an 


AUD 5 


assertion; however, the responsible party is always required to acknowledge its responsibility for 
the underlying subject matter. 
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Before accepting a direct examination engagement, the practitioner should obtain an 
understanding with the responsible party on the purpose of the engagement, how the 
practitioner's report will be used, and why the party wishes to engage the practitioner to 


perform a direct examination engagement. The practitioner should understand whether the 


responsible party has measured or evaluated the underlying subject matter against the criteria, 
and if so, why the party does not intend to provide an assertion. 


cay 


Sample Report: Direct Examination Report 


Independent Accountant's Report 
[Appropriate Addressee] 


We have examined [identify the underlying subject matter, for example, the investment 
transactions of XYZ Company during the year ended December 31, 20XX]. XYZ Company's 
management is responsible for [identify the underlying subject matter, for example, its 
investment transactions during the year ended December 31, 20XX] and maintaining a 
record of those transactions. Our responsibility is to obtain reasonable assurance 
by measuring (or evaluating) [identify the underlying subject matter, for example, the 
investment transactions of XYZ Company during the year ended December 31, 20XX] 
against [/dentify the criteria, for example, the ABC criteria set forth in Note 1 of the 
accompanying schedule of investment returns] to determine [identify the subject matter 
information, for example, the rates of return on those investment transactions] and 
performing other procedures to obtain sufficient appropriate evidence to express 
an opinion that conveys the results of our measurement (or evaluation) based 

on our examination. We have presented the results of our measurement in the 
accompanying schedule of investment returns. 


Our examination was conducted in accordance with the attestation standards 

for a direct examination engagement established by the AICPA. Those standards 
require that we obtain reasonable assurance by measuring (or evaluating) [identify 
the underlying subject matter, for example, the investment transactions of XYZ Company 
during the year ended December 31, 20XX] against [identify the criteria, for example, the 
ABC criteria set forth in Note 1 of the accompanying schedule of investment returns] and 
performing other procedures to obtain sufficient appropriate evidence to express 
an opinion that conveys the results of our measurement or evaluation of [identify 
the underlying subject matter, for example, the investment transactions of XYZ Company 
during the year ended December 31, 20XX]. The nature, timing, and extent of the 
procedures selected depend on our judgment, including an assessment of the risks 
of material misstatement of [identify the subject matter information, for example, the 
rates of return on those investment transactions for the year ended December 31, 20XxX, 
as presented in the schedule of investment returns], whether due to fraud or error. 

We believe that the evidence we obtained is sufficient and appropriate to provide a 
reasonable basis for our opinion. 


We are required to be independent of [identify the responsible party, for example, 
XYZ Company] and to meet our other ethical responsibilities, in accordance with 
relevant ethical requirements relating to our examination engagement. 


(continued) 
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(continued) 


[Include a description of significant inherent limitations, if any, associated with the 
measurement or evaluation of the underlying subject matter against the criteria.] 


[Additional paragraphs may be added to emphasize certain matters relating 
to the attestation engagement, the underlying subject matter, or the subject 
matter information.] 


In our opinion, [identify the subject matter information, for example, the rates of 
return on the investment transactions of XYZ Company during the year ended December 
31, 20XX, included in the accompanying schedule of investment returns of XYZ Company 
for the year ended December 31, 20XX] are fairly presented in accordance with (or 
based on) [identify the criteria, for example, the ABC criteria set forth in Note 7], in all 
material respects. 


[Signature of the practitioner's firm] 
[City and state where the practitioner's report is issued] 
[Date of the practitioner's report] 


3.3. Review (Limited Assurance) 


A review results in a conclusion, which provides a moderate level of assurance. Procedures 
generally include inquiry and analytical procedures, but review evidence may also be obtained 
through inspection, observation, confirmation, recalculation, or reperformance. In a review 
engagement, the practitioner obtains limited assurance by obtaining sufficient appropriate 
evidence about the responsible party's measurement or evaluation of underlying subject matter 
against criteria in order to express a conclusion about whether any material modifications 
should be made to the subject matter information in order for it to be in accordance with (or 
based on) the criteria or the responsible party's assertion for it to be fairly stated. Conclusions 
may be modified based on evidence obtained (qualified or adverse). 
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3.3.1 Sample Report: Review Report on a Subject Matter (Unmodified Conclusion) 


Independent Accountant's Report 
[Appropriate Addressee] 


We have reviewed [identify the subject matter, for example, the accompanying 
schedule of investment returns of XYZ Company for the year ended December 31, 
20XX]. XYZ Company's management is responsible for [identify the subject matter, 
for example, presenting the schedule of investment returns] in accordance with (or 
based on) [identify the criteria, for example, the ABC criteria set forth in Note 7]. Our 
responsibility is to express a conclusion on [identify the subject matter, for example, 
the schedule of investment returns] based on our review. 


Our review was conducted in accordance with attestation standards established 
by the AICPA. Those standards require that we plan and perform the review to 
obtain limited assurance about whether any material modifications should be 
made to [identify the subject matter, for example, the schedule of investment returns] 
in order for it to be in accordance with (or based on) the criteria. The procedures 
performed in a review vary in nature and timing from, and are substantially less 
in extent than, an examination, the objective of which is to obtain reasonable 
assurance about whether [identify the subject matter, for example, the schedule of 
investment returns] is in accordance with (or based on) the criteria, in all material 
respects, in order to express an opinion. Accordingly, we do not express such an 
opinion. Because of the limited nature of the engagement, the level of assurance 
obtained in a review is substantially lower than the assurance that would have 
been obtained had an examination been performed. We believe that the review 
evidence obtained is sufficient and appropriate to provide a reasonable basis for 
our conclusion. 


We are required to be independent and to meet our other ethical responsibilities 
in accordance with relevant ethical requirements related to the engagement. 


[Include a description of the work performed as a basis for the practitioner's conclusion.] 


[Include a description of significant inherent limitations, if any, associated with the 
measurement or evaluation of the subject matter against the criteria.] 


[Additional paragraphs may be added to emphasize certain matters relating to the 
attestation engagement or the subject matter] 


Based on our review, we are not aware of any material modifications that should 
be made to [identify the subject matter, for example, the accompanying schedule of 
investment returns of XYZ Company for the year ended December 31, 20XX] in order 
for it to be in accordance with (or based on) [identify the criteria, for example, the 
ABC criteria set forth in Note 1]. 

[Practitioner's signature] 

[Practitioner's city and state] 


[Date of practitioner's report] 
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3.3.2 Sample Report: Review Report on an Assertion About a Subject Matter 


(Unmodified Conclusion) 


AUD 5 


The report below is restricted as to use. The last paragraph demonstrates how to indicate this 


restricted use, and a similar paragraph could be added to any of the other sample reports. 


A5-42 


Independent Accountant's Report 
[Appropriate Addressee] 


We have reviewed management of XYZ Company's assertion that [identify the 
assertion, including the subject matter and the criteria, for example, the accompanying 
schedule of investment returns of XYZ Company for the year ended December 31, 20XX, 
is presented in accordance with (or based on) the ABC criteria set forth in Note 7]. XYZ 
Company's management is responsible for its assertion. Our responsibility is to 
express a conclusion on management's assertion based on our review. 


Our review was conducted in accordance with attestation standards established 
by the AICPA. Those standards require that we plan and perform the review to 
obtain limited assurance about whether any material modifications should be 
made to management's assertion in order for it to be fairly stated. The procedures 
performed in a review vary in nature and timing from, and are substantially less 
in extent than, an examination, the objective of which is to obtain reasonable 
assurance about whether management's assertion is fairly stated, in all material 
respects, in order to express an opinion. Accordingly, we do not express such an 
opinion. Because of the limited nature of the engagement, the level of assurance 
obtained in a review is substantially lower than the assurance that would have 
been obtained had an examination been performed. We believe that the review 
evidence obtained is sufficient and appropriate to provide a reasonable basis for 
our conclusion. 


We are required to be independent and to meet our other ethical responsibilities 
in accordance with relevant ethical requirements related to the engagement. 


[Include a description of the work performed as a basis for the practitioner's conclusion.] 


[Include a description of significant inherent limitations, if any, associated with the 
measurement or evaluation of the subject matter against the criteria.] 


[Additional paragraphs may be added to emphasize certain matters relating to the 
attestation engagement or the subject matter] 


Based on our review, we are not aware of any material modifications that 
should be made to management of XYZ Company's assertion in order for it to be 
fairly stated. 


This report is intended solely for the information and use of [identify the specified 
parties, for example, ABC Company and XYZ Company], and is not intended to be, 
and should not be, used by anyone other than the specified parties. 
[Practitioner's signature] 

[Practitioner's city and state] 

[Date of practitioner's report] 
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3.4 Agreed-Upon Procedures 


Agreed-upon procedures provide no assurance, but procedures and findings are listed. 


Type of Engagement | Amount of Assurance Result Similar To 
Examination Reasonable (positive) Opinion Audit (SAS) 
Review Limited (negative) Conclusion Review (SSARS) 
Agreed-upon procedures | None List of findings N/A 


3.5 Written Assertion 


Awritten assertion is generally obtained in an assertion-based examination, review, and agreed- 
upon procedures engagements regarding whether the underlying subject matter is measured 
or evaluated in accordance with suitable criteria. The practitioner should use professional 
judgment in determining whether management has a reasonable basis for making its assertion. 
If no written assertion is provided by management, the outcome depends on whether the client 
is also the responsible party. 


If the client is the responsible party, failure to provide a written assertion constitutes a scope 
limitation. 


=m  Inanassertion-based examination engagement, the practitioner is required to withdraw 
from the engagement when withdrawal is possible under the applicable law or regulation. 
If withdrawal is not allowed under the applicable law or regulation, the practitioner should 
disclaim an opinion. 


m Areview engagement subject to such a scope limitation is incomplete and the practitioner 
should withdraw. When withdrawal is not possible under applicable law or regulation, the 
practitioner may report on the subject matter but should modify the report and restrict the 
use of the report. 


= Inanagreed-upon procedures engagement, the practitioner should modify the report 
based on the scope limitation. 


If the client is not the responsible party, a report may be issued as long as appropriate 
procedures are performed and sufficient evidence is obtained. However, the practitioner should 
disclose such refusal in the report, and its use should be restricted. 


3.6 Other Requirements 


= Documentation requirements for attestation engagements are similar to those for any other 
audit or review engagement. 


=m Anunderstanding with the client should be established, preferably through a 
written communication. 


= Arepresentation letter from the responsible party should be obtained for examination and 
review engagements. 


= Inquiry should be made regarding subsequent events. 
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NOTES 


A5-44 Module 3 © Becker Professional Education Corporation. All rights reserved. 


mooue Agreed-Upon Procedures 4, 


and Prospective 
Financial Statements 


1 Agreed-Upon Procedures Engagements 


An agreed-upon procedures engagement is a type of attestation engagement in which a 
practitioner is engaged by a client ("engaging party") and performs specific procedures on 
underlying subject matter or subject matter information (such as an assertion) and reports the 
findings. The client and the practitioner agree to the procedures that will be performed to meet 
the intended purpose of the engagement. Because the client best understands its own needs, 
the client is responsible for assessing the sufficiency of the procedures performed. In some 
cases, the engaging party may not be the same as the party responsible for the subject matter 
("responsible party") over which the agreed-upon procedures are being performed. In such 
cases, the responsible party must acknowledge this fact. 

Attestation standards apply to all agreed-upon procedures engagements, including those 
related to items from a financial statement. The practitioner does not provide an opinion or a 
conclusion, but rather reports the procedures performed and the related findings. 


1.1 Conditions 


Agreed-upon procedures attestation engagements may be performed provided that the 
following conditions exist: 


1. Independence of the Practitioner 


2. Agreement of the Parties 
The practitioner and the engaging party agree, or will be able to agree, regarding the 
procedures to be performed, the criteria to be used in the determination of the findings, 
and any materiality limits to be used for reporting purposes. 

3. Measurability and Consistency 
The subject matter should be capable of reasonably consistent measurement, procedures 
should be expected to result in reasonably consistent findings, and evidential matter to 
support the report should be expected to exist. 

4. Sufficiency of the Procedures 
The client takes responsibility for the sufficiency of the procedures to be performed to meet 
the intended purpose of the engagement. 


Use of the Report Can Be General or Restricted to Specified Parties 


Responsibility for the Subject Matter 


e The client is responsible for (or has a reasonable basis for providing an assertion about) 
the subject matter; or 


e The client is able to provide evidence that a third party (the responsible party) is 
responsible for the subject matter. 


7. Engagements to Perform Agreed-Upon Procedures on Prospective Financial Statements 
Prospective financial statements must include a summary of significant assumptions. 
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L Pass Key 


"|-AM-SURE" you can perform these agreed-upon procedures. 


1.2 Reporting (Required Elements) 


The practitioner's report on agreed-upon procedures should be in writing and in the form of 
procedures and findings. The practitioner's report should contain the following elements: 


= Atitle (including the word independent), a signature, city and state where the practitioner 
practices, and a date. 


= An appropriate addressee. 


= Identification of the engaging party, the subject matter, the nature and intended purpose of 
the engagement, and the responsible party. 


=m Astatement that the subject matter is the responsibility of the responsible party. 


=m Astatement that the engaging party acknowledged that the procedures performed were 
appropriate to meet the intended purpose of the engagement. 


= Astatement that the report may not be suitable for any other purpose and that users are 
responsible for determining whether the procedures performed are appropriate for their 
specific purposes. 


= Astatement that an agreed-upon procedures engagement involves performing specific 
procedures that the engaging party has agreed to and acknowledged as appropriate for the 
intended purpose of the engagement and reporting on the related findings. 


= Astatement that the engagement was conducted in accordance with attestation standards 
established by the American Institute of Certified Public Accountants. 


= Adescription of the procedures performed (or reference thereto), related findings (the 
practitioner should not provide an opinion or conclusion), and, if applicable, a description of 
any specified materiality threshold established for reporting exceptions. 


= Astatement that the practitioner was not engaged to, and did not conduct, an examination 
or review, the objective of which would be the expression of an opinion or conclusion, 
respectively, on the subject matter; a statement that the practitioner does not express an 
opinion or conclusion; and a statement that if the practitioner had performed additional 
procedures, other matters might have come to his or her attention that would have been 
reported. 


= Astatement that the practitioner is required to be independent of the responsible party and 
to meet the other ethical requirements related to the agreed-upon procedures engagement. 


=m Where applicable, reservations or restrictions concerning procedures or findings. 


= Certain additional items for agreed-upon procedures for attestation engagements on 
prospective financial information. 


=m Where applicable, a description of the nature of the assistance provided by a specialist. 
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1.2.1 Sample Report: Agreed-Upon Procedures Report 


Independent Accountant's Report 
[Appropriate Addressee] 


We have performed the procedures enumerated below on [identify the subject 
matter, for example, the accompanying Statement of Investment Performance Statistics 
of XYZ Fund for the year ended December 31, 20X71]. [The responsible party, for 
example, XYZ Fund] is responsible for [the subject matter]. 


[The engaging party, for example, XYZ Fund] has agreed to and acknowledged 

that the procedures performed are appropriate to meet the intended purpose 

of [identify the intended purpose of the engagement, for example, assisting users in 
understanding the Statement of Investment Performance Statistics of XYZ Fund for 

the year ended December 31, 20X7]. This report may not be suitable for any other 
purpose. The procedures performed may not address all the items of interest to a 
user of this report and may not meet the needs of all users of this report and, as 
such, users are responsible for determining whether the procedures performed 
are appropriate for their purposes. 


The procedures and the associated findings are as follows: 


[Include paragraphs to describe the procedures performed detailing the nature and 
extent, and, if applicable, the timing, of each procedure and to describe the findings 
from each procedure performed, including sufficient details on exceptions found.] 


We were engaged by [the engaging party, for example, XYZ Fund] to perform 

this agreed-upon procedures engagement and conducted our engagement 

in accordance with attestation standards established by the AICPA. We were 

not engaged to and did not conduct an examination or review engagement, 

the objective of which would be the expression of an opinion or conclusion, 
respectively, on [identify the subject matter, for example, the accompanying Statement 
of Investment Performance Statistics of XYZ Fund for the year ended December 31, 
20X71]. Accordingly, we do not express such an opinion or conclusion. Had we 
performed additional procedures, other matters might have come to our attention 
that would have been reported to you. 


We are required to be independent of XYZ Fund and to meet our other ethical 
responsibilities, in accordance with the relevant ethical requirements related to 
our agreed-upon procedures engagement. 


[Additional paragraphs may be added to describe other matters.] 


[Signature of the practitioner's firm] 
[City and state where the practitioner's report is issued] 
[Date of the practitioner's report] 
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1.3. Explanatory Language 


The practitioner may include explanatory language regarding matters such as: 


= Disclosure of stipulated facts, assumptions, or interpretations (including the source thereof) 
used in the application of agreed-upon procedures. 


= Description of the condition of records, controls, or data to which the procedures 
were applied. 


= Explanation that the practitioner has no responsibility to update his or her report. 
=m Explanation of sampling risk. 


= Restriction of the use of the practitioner's report based on the circumstances of the 
engagement. 


2 Prospective Financial Statements 


In contrast to historical financial statements, which are the subject of audit engagements, 
prospective financial statements are forward-looking and based on projections rather than 
past events. 


= Prospective financial statements may cover a period that has partially expired. 

= Statements for periods that have completely expired are not considered to be prospective. 

= Pro forma financial statements and partial presentations are not prospective financial 
statements. 


2.1 Types of Prospective Financial Statements 


Financial forecasts and projections are two types of prospective financial statements that 
attempt to reflect a company's expected financial position and expected results of operations. 


1. Financial Forecast 


A financial forecast reflects, to the best of the responsible party's knowledge, the expected 
financial results of a future period. It is based on expected conditions and expected courses 
of action. 


Note: In almost all situations, the party responsible for the prospective financial statements 
is the management of the company. 


2. Financial Projection 


A financial projection is different from a forecast in that it is based on hypothetical 
assumptions. A projection reflects the financial position and results of operations based on 
a "what-if" type of scenario. 


2.2 Uses of Prospective Financial Statements 
The uses of prospective financial statements can be categorized as: 
= General Use 


General use means that the statements issued will be used by parties not negotiating 
directly with the responsible party (the issuing company). Only a financial forecast is 
appropriate for general use. 
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= Limited Use 


Limited use means that the financial statements will only be used by the responsible party 
alone or by parties negotiating directly with the responsible party (the issuing company). 
Both financial forecasts and financial projections are appropriate for limited use. 


Examples include use in negotiations for a bank loan, submission to a regulatory agency, 
and use solely within the entity. 


2.3. Engagement Types 


A practitioner is associated with prospective financial statements primarily in one of four ways: 
1. Preparation engagement 

2. Compilation engagement 

3. Examination engagement 

4. Agreed-upon procedures engagement 


Note that a review of prospective financial statements is not allowed. 


2.4 Preparation of Prospective Financial Statements 


SSARS provides guidance for preparation of prospective financial statements. The requirements 

for a preparation of prospective financial statements are very similar to the requirements for a 
preparation of historical financial statements (i.e., agree on engagement terms, understand the 
entity's financial reporting framework, prepare financial statements, include a legend on each page). 


A practitioner should not prepare prospective financial information that: 

1. excludes the summary of significant assumptions; or 

2. in the case of a financial projection, excludes either an identification of the hypothetical 
assumptions or a description of the limitations on the usefulness of the presentation. 


2.5 Compilation of Prospective Financial Statements 
SSARS provides guidance for compilations of prospective financial statements. 


2.5.1 Purpose 


The purpose of a compilation of prospective financial statements is the proper assembling of the 
financial data based on the responsible party's assumptions. 


=m There is no assurance of any kind given that the statements have been prepared in 
accordance with AICPA guidelines or that the assumptions used are reasonable. 


= The accountant should read the prospective financial statements with the summaries of 
significant assumptions and accounting policies, and consider whether they appear to be 
presented in conformity with AICPA presentations. 


=m The practitioner is not required to gather supporting evidence, but should be aware of 
obvious inappropriate assumptions used to construct the statements. Independence is 
not required, but lack of independence should be disclosed in a separate paragraph in the 
compilation report. The practitioner is permitted, but not required, to disclose the reason(s) 
for the lack of independence in the report. All reasons must be included in the disclosure. 
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2.5.2 Contents of Compilation Report 


The following items would appear in the practitioner's compilation report: 


Identification of the entity, the prospective financial information that has been subjected to 
the compilation engagement, and the date or period covered by the prospective financial 
information; 


A statement that management is responsible for the prospective financial information; 


A statement that the practitioner has performed the compilation engagement in accordance 
with Statements on Standards for Accounting and Review Services (SSARSs) promulgated by 
the Accounting and Review Services Committee of the AICPA; 


A statement that the practitioner did not examine or review the prospective financial 
information nor was the practitioner required to perform any procedures to verify the accuracy 
or completeness of the assumptions made by management, and, accordingly, does not express 
an opinion, a conclusion, nor provide any assurance on the prospective financial information; 


A caveat that the prospective results may not be achieved; 


A statement that the practitioner assumes no responsibility to update the report for events 
and circumstances occurring after the date of the report; and 


The signature of the practitioner's firm, the date of the report, and the city and state where 
the practitioner practices. 


2.5.3 Sample Report: Compilation of a Financial Forecast* 


[The responsible party] is responsible for the accompanying financial forecast of XYZ 
Company, which comprises the forecasted balance sheet as of December 31, 20X2, and 
the related forecasted statements of income, changes in stockholders' equity, and cash 
flows for the year then ending, and the related summaries of significant assumptions 
and accounting policies in accordance with guidelines for the presentation of a financial 
forecast established by the American Institute of Certified Public Accountants (AICPA). We 
have performed a compilation engagement in accordance with Statements on Standards 
for Accounting and Review Services promulgated by the Accounting and Review Services 
Committee of the AICPA. We did not examine or review the financial forecast nor were 
we required to perform any procedures to verify the accuracy or completeness of the 
information provided by management. Accordingly, we do not express an opinion, a 
conclusion, nor provide any form of assurance on this financial forecast. 


The forecasted results may not be achieved as there will usually be differences between the 
forecasted and actual results, because events and circumstances frequently do no occur as 
expected, and these differences may be material. We have no responsibility to update this 
report for events and circumstances occurring after the date of this report. 

[Signature of practitioner's firm or practitioner, as appropriate] 

[Practitioner's city and state] 

[Date of the practitioner's report] 


*With the issuance of SSAE 18, compilations of prospective financial statements are no longer 
addressed in the attestation standards and are instead governed by AR-C section 80 of the 
SSARS standards. 
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2.5.4 Compilation of a Financial Projection 
The standard report above would be changed slightly to refer to a "financial projection" rather 
than a "financial forecast." 


2.6 Examination of Prospective Financial Statements 


An examination of prospective financial statements is more substantial in scope and 
responsibility than a compilation or an engagement utilizing agreed-upon procedures. 


2.6.1 Purpose 


The purpose of an examination of prospective financial statements is to express 
an opinion as to whether: 


1. the statements are presented in conformity with AICPA guidelines; and 


2. the underlying assumptions provide a reasonable basis for the prospective statements. 


2.6.2 Independence Required 


Independence is required for examination engagements. 


2.6.3 Evidence Required 


In order for the accountant to make such a claim, sufficient evidence must be obtained. The 
accountant must evaluate the preparation, support, and presentation of the statements. 


2.6.4 Content of Report Based on Examination 
The standard examination report issued by the accountant would contain the following: 


= Atitle that includes the word independent, the signature of the practitioner's firm, the city 
and state of the practitioner's firm, and the date of the report; 


= Identification of the prospective financial statements presented; 


= An indication that the criteria against which the prospective financial information was 
measured or evaluated are the guidelines for the presentation of a forecast (or projection) 
established by the AICPA. 


= An identification of the responsible party and a statement that the prospective financial 
statements are the responsibility of the responsible party; 


= Astatement that the practitioner's responsibility is to express an opinion on the prospective 
financial statements based on his or her examination; 


= Astatement that the examination was conducted in accordance with attestation standards 
established by the AICPA; 


= Astatement that those standards require that the practitioner plan and perform the 
examination to obtain reasonable assurance about whether the forecast (or projection) 
is presented in accordance with the guidelines for the presentation of a forecast (or 
projection) established by the AICPA, in all material respects; 
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A statement that the practitioner believes that the examination provides a reasonable basis 
for his or her opinion; 


A description of the nature of an examination engagement; 


An opinion that the prospective financial statements are presented in conformity with AICPA 
guidelines and that the underlying assumptions provide a reasonable basis for the forecast 
or the projection given the hypothetical assumptions; 


A statement indicating that the prospective results may not be achieved and describing 
other significant inherent limitations, if any; and 


A statement that the practitioner assumes no responsibility to update the report due to 
subsequent events. 


For a projection, the report should also include identification of the hypothetical assumptions, a 
description of the projection's purpose, and a restrictive use paragraph. 


2.6.5 Modifications to the Opinion 


The following issues would require the practitioner to modify the opinion: 


AICPA presentation guidelines are not followed (qualified "except for" or adverse opinion). 
Significant assumptions are not disclosed (adverse opinion). 


Basis not reasonable: One or more of the significant assumptions do not provide a 
reasonable basis for the financial statements (adverse opinion). 


Scope limitation (disclaimer). 


2.6.6 Sample Report: Examination of a Financial Forecast 


Independent Accountant's Report 
[Appropriate Addressee] 


We have examined the accompanying forecast of XYZ Company, which comprises 
the forecasted balance sheet as of December 31, 20XX, and the related forecasted 
statements of income, stockholders' equity, and cash flows for the year then 
ending, based on the guidelines for the presentation of a forecast established 

by the American Institute of Certified Public Accountants. XYZ Company's 
management is responsible for preparing and presenting the forecast in 
accordance with the guidelines for the presentation of a forecast established by 
the American Institute of Certified Public Accountants. Our responsibility is to 
express an opinion on the forecast based on our examination. 


(continued) 
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(continued) 


Our examination was conducted in accordance with attestation standards 
established by the American Institute of Certified Public Accountants. Those 
standards require that we plan and perform the examination to obtain reasonable 
assurance about whether the forecast is presented in accordance with the 
guidelines for the presentation of a forecast established by the American Institute 
of Certified Public Accountants, in all material respects. An examination involves 
performing procedures to obtain evidence about the forecast. The nature, timing, 
and extent of the procedures selected depend on our judgment, including an 
assessment of the risks of material misstatement of the forecast, whether due 

to fraud or error. We believe that the evidence we obtained is sufficient and 
appropriate to provide a reasonable basis for our opinion. 


In our opinion, the accompanying forecast is presented, in all material respects, in 
accordance with the guidelines for the presentation of a forecast established by the 
American Institute of Certified Public Accountants, and the underlying assumptions 
are suitably supported and provide a reasonable basis for management's forecast. 


There will usually be differences between the forecasted and actual results 
because events and circumstances frequently do not occur as expected, and those 
differences may be material. We have no responsibility to update this report for 
events and circumstances occurring after the date of this report. 

[Practitioner's signature] 

[Practitioner's city and state] 

[Date of the practitioner's report] 


2.6.7. Examination of a Financial Projection 
The standard report above would be changed slightly to include: 


= Adescription of the hypothetical assumption used in the first paragraph ("... management 
is responsible for preparing and presenting the projection based on [identify the hypothetical 
assumption, for example, the granting of the requested loan as described in the summary of 
significant assumptions] ... "). 


= Adescription of the purpose of the projection in the first paragraph ("... The projection was 
prepared for [describe the special purpose, for example, the purpose of negotiating a loan to 
expand XYZ Company's plant] ..."). 


=m Areference to the hypothetical assumption in the third and fourth paragraphs. 


=m A paragraph restricting the use of the report. 
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2.7. Agreed-Upon Procedures Applied to Prospective 
Financial Statements 


The conditions and required elements for agreed-upon procedures engagements ("I-AM-SURE" 
mnemonic) also applies when such engagements are related to prospective financial statements. 
An additional condition is that the prospective financial statements must include a summary of 
significant assumptions. 


Additional reporting elements include a reference to the prospective financial statements, a 
disclaimer on whether the statements are presented in conformity with AICPA guidelines and 
on whether the underlying assumptions provide a reasonable basis for the statements, a caveat 
that prospective results may not be achieved, and a statement that the accountant assumes no 
responsibility to update the report for events occurring after the date of the report. 


2.8 Partial Presentations 


A presentation of prospective financial information that excludes certain essential elements is 
considered to be a partial presentation that generally is not appropriate for general use. Partial 
presentations are those that omit one of the following essential elements: Sales, gross profit 
(or cost of sales), unusual or infrequent items, income tax expense, discontinued operations, 
income from continuing operations, net income, earnings per share, and significant changes in 
financial position. 


Because partial presentations are generally appropriate only for limited use, reports on partial 
presentations of both forecasted and projected information should include a description of any 
limitations on the usefulness of the presentation. 


2.9 Prospective Financial Statement Summary 


General Compilation Examination Agreed-Upon 

Procedures Report* Report Procedures 
Prospective financial eserviie Evaluate Apply specific 
statements procedures 
Responsible party's dec araile Fy sinee Should be 
assumptions included in PFS 
Are financial statements 
and significant assumptions Look for obvious we ae 
in conformance with AICPA errors Opinion PISCaImer 
guidelines? 
Obtain agreed-upon scope from Prior to report 

‘ N/A N/A ; 

engaging party issuance 


*With the issuance of SSAE 18, preparations and compilations of prospective financial 
statements are no longer addressed in the attestation standards and are instead governed by 
AR-C section 80 of the SSARS standards. 
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Reports Include Compilation Examination Agreed-Upon 
a Statement Regarding: Report* Report Procedures 
Identification of prospective Vee Yes Yes 
financial statements 
Compliance with AICPA Vax Vee Ved 
standards 
Limitation of scope Yes No Yes 
An enumeration of procedures No No Ve 
performed 
A caveat that prospective Vax Vee Yes 
results may not be achieved 
CPA has no responsibility for Ves Ves Vex 
updating report 
Opinion on PFS accordance with 
AICPA presentation guidelines Ne Hes Ne 
ee Only required for | Only required for | Only required for 
BITIEE Hee OTE pOnt projection projection projection 


*With the issuance of SSAE 18, preparations and compilations of prospective financial 
statements are no longer addressed in the attestation standards and are instead governed by 
AR-C section 80 of the SSARS standards. 


2.10 Pro Forma Financial Statements 


Pro forma financial statements are not prospective financial statements, but they may be 

used to demonstrate the effect of a future or hypothetical event by showing how it might have 
affected the historical financial statements if it had occurred during the period covered by those 
financial statements. 


= Pro forma adjustments should be based on management's assumptions and include all 
material effects directly attributable to the transaction (or event). 


= Pro forma financial information should be labeled accordingly to prevent confusion with 
historical financial information. 


= Pro forma financial statements may be examined or reviewed. 


= The practitioner should obtain an understanding of the event and evaluate the pro forma 
adjustments, including any assumptions on which the adjustments are based. The 
practitioner should also obtain written representations from management. 


=m Apractitioner's report should make reference to the financial statements from which the 
historical financial information is derived, and state whether such financial statements were 
audited or reviewed. 
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2.10.1 Sample Report: Examination of Pro Forma Financial Statements 


A5-56 


Independent Accountant's Report 


We have examined the pro forma adjustments giving effect to the underlying 
transaction (or event) described in Note 1 and the application of those adjustments to 
the historical amounts in the accompanying pro forma condensed balance sheet of 

X Company as of December 31, 20X1, and the related pro forma condensed statement 
of income for the year then ended (pro forma financial information), based on the 
criteria in Note 1. The historical condensed financial statements are derived from 

the historical financial statements of X Company, which were audited by us, and of 

Y Company, which were audited by other accountants, appearing elsewhere herein [or 
"and are readily available"). The pro forma adjustments are based on management's 
assumptions described in Note 1.X Company's management is responsible for the 
pro forma financial information. Our responsibility is to express an opinion on the pro 
forma financial information based on our examination. 


Our examination was conducted in accordance with attestation standards established 
by the American Institute of Certified Public Accountants. Those standards require that 
we plan and perform the examination to obtain reasonable assurance about whether, 
based on the criteria in Note 1, management's assumptions provide a reasonable basis 
for presenting the significant effects directly attributable to the underlying transaction 
(or event), and, in all material respects, the related pro forma adjustments give 
appropriate effect to those assumptions, and the pro forma amounts reflect the proper 
application of those adjustments to the historical financial statement amounts. An 
examination involves performing procedures to obtain evidence about management's 
assumptions, the related pro forma adjustments, and the pro forma amounts in 

the pro forma condensed balance sheet of X Company as of December 31, 20X1, 

and the related pro forma condensed statement of income for the year then ended. 
The nature, timing, and extent of the procedures selected depend on our judgment, 
including an assessment of the risks of material misstatement of the pro forma 
financial information, whether due to fraud or error. We believe that the evidence we 
obtained is sufficient and appropriate to provide a reasonable basis for our opinion. 


The objective of this pro forma financial information is to show what the significant 
effects on the historical financial information might have been had the underlying 
transaction (or event) occurred at an earlier date. However, the pro forma condensed 
financial statements are not necessarily indicative of the results of operations or 
related effects on financial position that would have been attained had the above- 
mentioned transaction (or event) actually occurred at such earlier date. 


In our opinion, based on the criteria in Note 1, management's assumptions provide 
a reasonable basis for presenting the significant effects directly attributable 

to the above-mentioned transaction (or event) described in Note 1, and, in all 
material respects, the related pro forma adjustments give appropriate effect to 
those assumptions, and the pro forma amounts reflect the proper application of 
those adjustments to the historical financial statement amounts in the pro forma 
condensed balance sheet of X Company as of December 31, 20X1, and the related 
pro forma condensed statement of income for the year then ended. 


[Practitioner's signature] 
[Practitioner's city and state] 
[Date of the practitioner's report] 
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2.10.2 Sample Report: Review of Pro Forma Financial Statements 


Independent Accountant's Report 


We have reviewed the pro forma adjustments giving effect to the transaction (or event) 
described in Note 1 and the application of those adjustments to the historical amounts in 
the accompanying pro forma condensed balance sheet of X Company as of March 31, 20X2, 
and the related pro forma condensed statement of income for the three months then ended 
(pro forma financial information), based on the criteria in Note 1. These historical condensed 
financial statements are derived from the historical unaudited financial statements of 

X Company, which were reviewed by us, and of Y Company, which were reviewed by other 
accountants, appearing elsewhere herein [or “and are readily available"). The pro forma 
adjustments are based on management's assumptions as described in Note 1. X Company's 
management is responsible for the pro forma financial information. Our responsibility is to 
express a conclusion based on our review. 


Our review was conducted in accordance with attestation standards established by the 
American Institute of Certified Public Accountants. Those standards require that we plan 
and perform our review to obtain limited assurance about whether, based on the criteria 

in Note 1, any material modifications should be made to management's assumptions in 
order for them to provide a reasonable basis for presenting the significant effects directly 
attributable to the underlying transaction (or event); the related pro forma adjustments, in 
order for them to give appropriate effect to those assumptions; or the pro forma amounts, 
in order for them to reflect the proper application of those adjustments to the historical 
financial statement amounts. A review is substantially less in scope than an examination, the 
objective of which is to obtain reasonable assurance about whether, based on the criteria, 
management's assumptions provide a reasonable basis for presenting the significant effects 
directly attributable to the underlying transaction (or event), and, in all material respects, the 
related pro forma adjustments give appropriate effect to those assumptions, and the pro 
forma amounts reflect the proper application of those adjustments to the historical financial 
statement amounts, in order to express an opinion. Accordingly, we do not express such an 
opinion. We believe that our review provides a reasonable basis for our conclusion. 


The objective of this pro forma financial information is to show what the significant effects on 
the historical financial information might have been had the underlying transaction (or event) 
occurred at an earlier date. However, the pro forma condensed financial statements are not 
necessarily indicative of the results of operations or related effects on financial position that 
would have been attained had the above-mentioned transaction (or event) actually occurred at 
such earlier date. 


Based on our review, we are not aware of any material modifications that should be 

made to management's assumptions in order for them to provide a reasonable basis for 
presenting the significant effects directly attributable to the above-mentioned transaction 
(or event) described in Note 1, the related pro forma adjustments in order for them to give 
appropriate effect to those assumptions, or the pro forma amounts, in order for them to 
reflect the proper application of those adjustments to the historical financial statement 
amounts in the pro forma condensed balance sheet of X Company as of March 31, 20X2, 
and the related pro forma condensed statement of income for the three months then 
ended, based on the criteria in Note 1. 


[Practitioner's signature] 
[Practitioner's city and state] 
[Date of the practitioner's report] 


For both examinations and reviews, nothing precludes the CPA from restricting the use of 
the report. 
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Reporting on Controls 
at a Service Organization 


1 Reporting on Controls at a Service Organization 


Many entities use outside organizations to process some portion of their accounting transactions (e.g., 
ADP and Paychex are service organizations that provide processing for payroll checks and reports). 


1.1. Relationship Between the Entity and the Service Organization 


Aservice organization's services are considered to be part of a user entity's information system 

when those services affect the initiation, execution, processing, or reporting of the user company's 
transactions. In such cases, the controls placed in operation by the service organization are considered 
to be part of the user organization's information system. Service organizations often have an auditor 
perform an attestation examination engagement to report on the controls of the service organization 
that are relevant to the user entities' system of internal control over financial reporting or are relevant 
to the security and confidentiality of the information processed by the service organization. 


Illustration 1 Service Organization 


ABC Firm audits Party Solutions. Party Solutions uses Quick Payroll to process its payroll 
transactions. XYZ Firm audits Quick Payroll: 


e Party Solutions is the user entity or user organization (Party Solutions is using the service 
of Quick Payroll). 


e ABC Firm is the user auditor. 
© Quick Payroll is the service organization. 


e XYZ Firm is the service auditor. 


1.2 Objectives 


The objectives of the service auditor are to: 
1. Obtain reasonable assurance about whether, in all material respects, based on suitable criteria: 


e Management's description of the service organization's system fairly presents the 
system that was designed and implemented throughout the specified period (or in the 
case of a Type 1 Report, as of a specified date). 


e The controls related to the control objectives stated in management's description of the 
service organization's system were suitably designed throughout the specified period 
(or in the case of a Type 1 Report, as of a specified date). 


e When included in the scope of the engagement, the controls operated effectively to provide 
reasonable assurance that the control objectives stated in management's description of the 
service organization's system were achieved throughout the specified period. 


2. Report in accordance with the service auditor's findings. 
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1.3. Procedures 


The service auditor should perform the following procedures: 

Assess the suitability of the criteria 

Obtain an understanding of the service organization's system 

Obtain evidence regarding management's description of the service organization's system 
Obtain evidence regarding the design of controls 

Obtain evidence regarding the operating effectiveness of controls (Type 2 Report only) 
Obtain written representations from management 


Consider subsequent events 


1.4 SOC 1° and SOC 2° Reports 


System and Organization Controls (SOC) is a suite of offerings a CPA may provide in connection 
with system-level controls at a service organization. There are two different reports a service 
auditor may provide regarding the controls in place at a service organization. Each report can be 
issued as either a Type 1 or a Type 2 report. 


1.4.1 SOC 1®—SOC for Service Organizations: Internal Control Over Financial 
Reporting (ICFR) 


ASOC 1® report is a Report on Controls at a Service Organization Relevant to User Entities' Internal 
Control Over Financial Reporting. This report is issued by a service auditor and intended to be 
used by a user entity and user auditor in evaluating the impact that certain relevant controls at the 
service organization have on the financial statements of the user entity. The use of a SOC 1° report 
is restricted to the management of the service organization, the user entity, and the user auditor. 


1.4.2 SOC 2®—SOC for Service Organizations: Trust Services Criteria 


ASOC 2® report is a Report on Controls at a Service Organization Relevant to Security, Availability, 
Processing Integrity, Confidentiality, or Privacy. This report is issued by a service auditor and 
intended to give assurance to a broad range of users regarding the controls in place at a service 
organization relevant to one or more of the Trust Services Criteria of security, availability, 
processing integrity, confidentiality, and privacy. The use of a SOC 2® report is restricted. 


1.5 Type 1 and Type 2 Reports 
There are two types of reports a service auditor may provide: 


1.5.1 Type 1 Report 


A Type 1 Report is a report on the design and implementation of a service organization's 
identified controls. It does not provide assurance on the operating effectiveness of the controls. 
A Type 1 Report contains the following: 


1. Management's description of the service organization's system. 


2. Awritten assertion by management of the service organization about whether, in all 
material respects, and based on suitable criteria: 


e Management's description of the service organization's system fairly presents the design 
and implementation of the system as of a specified date. 


e The controls related to the control objectives outlined in management's description 
were suitably designed to achieve the control objectives as of a specified date. 


3. The auditor's opinion on management's assertion. 
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1.5.2 Sample Report: Type 1 Service Auditor's Report 


Independent Service Auditor's Report on XYZ Service Organization's 
Description of Its System and the Suitability of the Design of Controls 


To: XYZ Service Organization 
Scope 


We have examined XYZ Service Organization's description of its [type or name 

of] system entitled, "XYZ Service Organization's Description of Its [type or name 

of] System," for processing user entities' transactions [or identification of the 
function performed by the system] as of [date] (description) and the suitability of the 
design of the controls included in the description to achieve the related control 
objectives stated in the description, based on the criteria identified in "XYZ Service 
Organization's Assertion" (assertion). 


The controls and control objectives included in the description are those that 
management of XYZ Service Organization believes are likely to be relevant to 
user entities' internal control over financial reporting, and the description does 
not include those aspects of the [type or name of] system that are not likely to be 
relevant to user entities’ internal control over financial reporting. 


Service Organization's Responsibilities 


In [section number where assertion is presented], XYZ Service Organization has 
provided an assertion about the fairness of the presentation of the description 
and suitability of the design of the controls to achieve the related control 
objectives stated in the description. XYZ Service Organization is responsible for 
preparing the description and its assertion, including the completeness, accuracy, 
and method of presentation of the description and assertion, providing the 
services covered by the description, specifying the control objectives and stating 
them in the description, identifying the risks that threaten the achievement of 
the control objectives, selecting the criteria stated in the assertion, and designing, 
implementing, and documenting controls that are suitably designed and operating 
effectively to achieve the related control objectives stated in the description. 


Service Auditor's Responsibilities 


Our responsibility is to express an opinion on the fairness of the presentation of 
the description and on the suitability of the design of the controls to achieve the 
related control objectives stated in the description, based on our examination. 


Our examination was conducted in accordance with attestation standards 
established by the American Institute of Certified Public Accountants. Those 
standards require that we plan and perform the examination to obtain reasonable 
assurance about whether, in all material respects, based on the criteria in 
management's assertion, the description is fairly presented and the controls were 
suitably designed to achieve the related control objectives stated in the description 
as of [date]. We believe that the evidence we obtained is sufficient and appropriate 
to provide a reasonable basis for our opinion. 


(continued) 
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(continued) 


An examination of a description of a service organization's system and the 
suitability of the design of controls involves: 


= performing procedures to obtain evidence about the fairness of the 
presentation of the description and the suitability of the design of the controls 
to achieve the related control objectives stated in the description, based on 
the criteria in management's assertion. 


= assessing the risks that the description is not fairly presented and that the 
controls were not suitably designed to achieve the related control objectives 
stated in the description. 


= evaluating the overall presentation of the description, suitability of the control 
objectives stated in the description, and suitability of the criteria specified by 
the service organization in its assertion. 


Inherent Limitations 


The description is prepared to meet the common needs of a broad range of 
user entities and their auditors who audit and report on user entities’ financial 
statements and may not, therefore, include every aspect of the system that each 
individual user entity may consider important in its own particular environment. 
Because of their nature, controls at a service organization may not prevent, or 
detect and correct, all misstatements in processing or reporting transactions [or 
identification of the function performed by the system]. Also, the projection to the 
future of any evaluation of the fairness of the presentation of the description, 
or conclusions about the suitability of the design of the controls to achieve 

the related control objectives, is subject to the risk that controls at a service 
organization may become ineffective. 


Other Matter 


We did not perform any procedures regarding the operating effectiveness of controls 

stated in the description and, accordingly, do not express an opinion thereon. 

Opinion 

In our opinion, in all material respects, based on the criteria described in 

XYZ Service Organization's assertion: 

a. the description fairly presents the [type or name of] system that was designed 
and implemented as of [date]. 


b. the controls related to the control objectives stated in the description were 
suitably designed to provide reasonable assurance that the control objectives 
would be achieved if the controls operated effectively as of [date]. 


(continued) 
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(continued) 


Restricted Use 


This report is intended solely for the information and use of management of 

XYZ Service Organization, user entities of XYZ Service Organization's [type or 
name of] system as of [date], and their auditors who audit and report on such 
user entities' financial statements or internal control over financial reporting 

and have a sufficient understanding to consider it, along with other information, 
including information about controls implemented by user entities themselves, 
when assessing the risks of material misstatements of user entities’ financial 
statements. This report is not intended to be, and should not be, used by anyone 
other than the specified parties. 


[Service auditor's signature] 
[Service auditor's city and state] 
[Date of the service auditor's report] 


1.5.3 Type 2 Report 


A Type 2 Report is a report on the design, implementation, and operating effectiveness of a 
service organization's controls. A Type 2 Report contains the following: 


1. Management's description of the service organization's system. 


2. Awritten assertion by management of the service organization about whether, in all 
material respects, and based on suitable criteria: 


e Management's description of the service organization's system fairly presents the design 
and implementation of the system throughout a specified period. 


e The controls related to the control objectives outlined in management's description 
were suitably designed to achieve the control objectives throughout a specified period. 


e The controls related to the control objectives outlined in management's description 
operated effectively to achieve the control objectives throughout a specified period. 


3. The auditor's opinion on management's assertion and a description of the service auditor's 
tests of controls and the results of those tests. 
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1.5.4 Sample Report: Type 2 Service Auditor's Report 


A5-64 


Independent Service Auditor's Report on XYZ Service Organization's Description of 
Its System and the Suitability of the Design and Operating Effectiveness of Controls 


To: XYZ Service Organization 
Scope 


We have examined XYZ Service Organization's description of its [type or name of] system 
entitled "XYZ Service Organization's Description of Its [type or name of] System" for 
processing user entities’ transactions [or identification of the function performed by the 
system] throughout the period [date] to [date] (description) and the suitability of the 
design and operating effectiveness of the controls included in the description to achieve 
the related control objectives stated in the description, based on the criteria identified 
in "XYZ Service Organization's Assertion" (assertion). The controls and control objectives 
included in the description are those that management of XYZ Service Organization 
believes are likely to be relevant to user entities’ internal control over financial reporting, 
and the description does not include those aspects of the [type or name of] system that 
are not likely to be relevant to user entities’ internal control over financial reporting. 


Service Organization's Responsibilities 


In [section number where the assertion is presented], XYZ Service Organization has provided 
an assertion about the fairness of the presentation of the description and suitability of 
the design and operating effectiveness of the controls to achieve the related control 
objectives stated in the description. XYZ Service Organization is responsible for preparing 
the description and assertion, including the completeness, accuracy, and method 

of presentation of the description and assertion, providing the services covered by 

the description, specifying the control objectives and stating them in the description, 
identifying the risks that threaten the achievement of the control objectives, selecting the 
criteria stated in the assertion, and designing, implementing, and documenting controls 
that are suitably designed and operating effectively to achieve the related control 
objectives stated in the description. 


Service Auditor's Responsibilities 


Our responsibility is to express an opinion on the fairness of the presentation of the 
description and on the suitability of the design and operating effectiveness of the 
controls to achieve the related control objectives stated in the description, based on 
our examination. 


Our examination was conducted in accordance with attestation standards established by 
the American Institute of Certified Public Accountants. Those standards require that we 
plan and perform the examination to obtain reasonable assurance about whether, in all 
material respects, based on the criteria in management's assertion, the description is fairly 
presented and the controls were suitably designed and operating effectively to achieve 
the related control objectives stated in the description throughout the period [date] to 
[date]. We believe that the evidence we obtained is sufficient and appropriate to provide a 
reasonable basis for our opinion. 


(continued) 


AUD 5 
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(continued) 


An examination of a description of a service organization's system and the suitability of 
the design and operating effectiveness of controls involves: 


= performing procedures to obtain evidence about the fairness of the presentation 
of the description and the suitability of the design and operating effectiveness 
of the controls to achieve the related control objectives stated in the description, 
based on the criteria in management's assertion. 


™ assessing the risks that the description is not fairly presented and that the controls 
were not suitably designed or operating effectively to achieve the related control 
objectives stated in the description. 


m= testing the operating effectiveness of those controls that management considers 
necessary to provide reasonable assurance that the related control objectives 
stated in the description were achieved. 


= evaluating the overall presentation of the description, suitability of the control 
objectives stated in the description, and suitability of the criteria specified by the 
service organization in its assertion. 


Inherent Limitations 


The description is prepared to meet the common needs of a broad range of user entities 
and their auditors who audit and report on user entities’ financial statements and may 
not, therefore, include every aspect of the system that each individual user entity may 
consider important in its own particular environment. Because of their nature, controls 
at a service organization may not prevent, or detect and correct, all misstatements 

in processing or reporting transactions [or identification of the function performed by 

the system]. Also, the projection to the future of any evaluation of the fairness of the 
presentation of the description, or conclusions about the suitability of the design or 
operating effectiveness of the controls to achieve the related control objectives, is subject 
to the risk that controls at a service organization may become ineffective. 


Description of Tests of Controls 


The specific controls tested and the nature, timing, and results of those tests are listed 
in [section number where the description of tests of controls is presented]. 


Opinion 
In our opinion, in all material respects, based on the criteria described in XYZ Service 
Organization's assertion: 


a. the description fairly presents the [type or name of] system that was designed and 
implemented throughout the period [date] to [date]. 


b. the controls related to the control objectives stated in the description were 
suitably designed to provide reasonable assurance that the control objectives 
would be achieved if the controls operated effectively throughout the period [date] 
to [date]. 


c. the controls operated effectively to provide reasonable assurance that the control 
objectives stated in the description were achieved throughout the period [date] 
to [date]. 


(continued) 
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(continued) 


Restricted Use 


This report, including the description of tests of controls and results thereof in [section 
number where the description of tests of controls is presented], is intended solely for 
the information and use of management of XYZ Service Organization, user entities 

of XYZ Service Organization's [type or name of] system during some or all of the 

period [date] to [date], and their auditors who audit and report on such user entities’ 
financial statements or internal control over financial reporting and have a sufficient 
understanding to consider it, along with other information, including information about 
controls implemented by user entities themselves, when assessing the risks of material 
misstatement of user entities’ financial statements. This report is not intended to be, 
and should not be, used by anyone other than the specified parties. 


[Service auditor's signature] 
[Service auditor's city and state] 
[Date of the service auditor's report] 


2? User Auditor Considerations 


2.1 User Auditor Responsibilities 


The user auditor should obtain an understanding of the nature and significance of the services 
provided by the service organization and the effect on the user entity's system of internal 
control, sufficient to provide an appropriate basis for the identification and assessment of 

the risks of material misstatement and design and perform audit procedures responsive to 
those risks. 


When a SOC 1® service auditor's report is available, the user auditor may utilize the report in its 
assessment of the user entity's internal controls. 


= SOC 1®Type 1 Report: A Type 1 Report may aid the user auditor in obtaining an 
understanding of controls. However, a Type 1 Report is provided when tests of the 
operating effectiveness of the service organization's controls were not performed, and 
therefore it does not provide the user auditor with a basis for reducing the assessment of 
control risk below maximum for areas of the entity's accounting that are affected by the 
service organization. 


m= SOC 1®Type 2 Report: A Type 2 Report provides the user auditor with assurance about the 
design, implementation, and operating effectiveness of the service organization's internal 
controls and therefore may provide evidence that would allow a reduction in the assessed 
level of control risk for areas of the entity's accounting that are affected by the service 
organization. 


Alternatively, such evidence (to allow reduction in assessed risk) can be obtained directly by the 
user auditor, either by testing the user organization's controls over the service organization's 
activities, or by performing tests of controls at the service organization. 
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When the user auditor plans to use a SOC 1® Type 2 report as audit evidence that the controls at 
the service organization are operating effectively, the user auditor should be satisfied regarding: 


1. the service auditor's competence and independence; 
2. the adequacy of the standards under which the report was issued; 


3. whether the period of time covered by the report is appropriate for the user auditor's 
purposes; 


4. the adequacy of the time period covered by the tests of controls and the time elapsed since 
the performance of the tests of controls; 


5. whether any complementary controls address the risks of material misstatement in the 
user entity's financial statements and, if so, obtaining an understanding of the design and 
operating effectiveness of such controls; and 


6. the evaluation of whether the tests of controls performed by the service auditor are relevant 
to the assertions in the user entity's financial statements and provide sufficient appropriate 
audit evidence to support the user auditor's risk assessment. 


2.2 Reporting by the User Auditor 


The user auditor should issue a qualified opinion or a disclaimer of opinion if the user auditor 
is unable to obtain sufficient appropriate audit evidence regarding the services provided by a 
service organization relevant to the audit. 


The user auditor should not make reference to the report of the service auditor in an 
unmodified opinion issued by the user auditor. 


The user auditor is permitted to make reference to the work of a service auditor in the user 
auditor's report to explain a modification of the user auditor's opinion. 
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6 Reporting on Compliance 


1 Compliance Reporting 


Reporting on compliance may be done in several situations: 


=m An auditor may be asked to report on compliance with contractual agreements or regulatory 
requirements in connection with a financial statement audit. 


= Apractitioner may be asked to report on an attestation engagement regarding an entity's 
compliance with requirements of specific laws and regulations or on internal control over 
compliance. 


=m An auditor may report on compliance and internal control over compliance as part of a 
single audit engagement when auditing a recipient of federal financial assistance. 


2 Compliance Reports in Connection 
With Audited Financial Statements 


Often an auditor is asked to issue a report on a client's compliance with contractual agreements 
or regulatory requirements in connection with a financial statement audit. The auditor 

must have audited the client's financial statements and may only issue negative assurance 

on compliance. 


This engagement is neither a compliance audit nor an attestation engagement, both of which 
may also be performed in relation to an entity's compliance with contractual agreements or 
regulatory requirements. 


2.1 Negative Assurance 


2.1.1 No Identified Instances of Noncompliance 


Negative assurance, in the form of a statement that nothing came to the auditor's attention that 
caused the auditor to believe that the entity failed to comply with the specified aspects of the 
contractual agreement or regulatory requirement, may be given when: 


1. there are no identified instances of noncompliance; 


2. the auditor has expressed an unmodified opinion or qualified opinion on the financial 
statements; and 


3. the applicable covenants or regulatory requirements have been subjected to audit 
procedures as part of the financial statement audit. 


© Becker Professional Education Corporation. All rights reserved. Module 6 A5-69 


Reporting on Compliance AUD 5 


2.1.2 Identified Instances of Noncompliance 


When the auditor identifies one or more instances of noncompliance, the report on compliance 
should describe the noncompliance. If an adverse opinion or a disclaimer of opinion is 
expressed on the financial statements, a report on compliance can only be issued when there 
are identified instances of noncompliance. 


2.2 Report on Compliance 


The report on compliance should be in writing and may either be a separate report or provided 
in one or more paragraphs in the auditor's report on the financial statements. 


3. Attestation Standards: Compliance Attestation 


The attestation standards address two types of engagements: 


1. Compliance With Specified Requirements: An entity's compliance with requirements of 
specified laws, regulations, rules, contracts, or grants. 


2. Internal Control Over Compliance: An entity's internal control over compliance with 
specified requirements. 


An SSAE report does not provide a legal determination of an entity's compliance with specified 
requirements. However, such a report may be useful to legal counsel or others in making such 
determinations. 


Practitioners may be engaged to perform agreed-upon procedures or examination engagements 
on an entity's compliance. A practitioner should not accept an engagement to perform a review. 


3.1 Agreed-Upon Procedures Engagements 


The practitioner may be engaged to perform agreed-upon procedures to assist users in 
evaluating the following subject matter (or assertions): 


=m The entity's compliance with specified requirements. 
= The entity's internal control over compliance with specified requirements. 


= Both the entity's compliance with specified requirements and the entity's internal control 
over compliance with specified requirements. 


A practitioner may perform an agreed-upon procedures engagement related to an entity's 
compliance with specified requirements or the entity's internal control over compliance if the 
following conditions are met: 


=m The responsible party accepts responsibility for the entity's compliance with specified 
requirements and the entity's internal control over compliance with specified requirements. 


= The responsible party evaluates the entity's compliance with specified requirements or the 
entity's internal control over compliance with specified requirements. 


The objective of the practitioner's agreed-upon procedures is to present specific findings to 
assist users in evaluating an entity's compliance with specified requirements or the entity's 
internal control over compliance based on procedures agreed upon by the users of the report. 


In agreed-upon procedures engagements on an entity's compliance with specified requirements 
or about the entity's internal control over compliance, the practitioner is required to perform 
only the procedures that have been agreed to by users. The practitioner has no obligation to 
perform procedures beyond the agreed-upon procedures. 
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3.2. Examination Engagements 


The practitioner may be engaged to examine the entity's compliance with requirements of 
specified laws, regulations, rules, contracts or grants (specified requirements), or a written 
assertion about compliance with specified requirements. 


A practitioner may perform an examination engagement related to an entity's compliance with 
specified requirements if the following conditions are met: 


1. The responsible party accepts responsibility for the entity's compliance with specified 
requirements and the effectiveness of the entity's internal control over compliance; 


2. The responsible party evaluates the entity's compliance with specified requirements; and 
3. Sufficient evidential matter exists or could be developed to support management's evaluation. 


The objective of the practitioner's examination procedures applied to an entity's compliance 
with specified requirements is to express an opinion on an entity's compliance (or assertion 
related thereto), based on the specified criteria. To express such an opinion, the practitioner 
accumulates sufficient evidence about the entity's compliance with specified requirements, 
thereby restricting attestation risk to an appropriately low level. 


3.3. Materiality 


In an examination of an entity's compliance with specified requirements, the practitioner's 
consideration of materiality is affected by (a) the nature of the compliance requirements, 
which may or may not be quantifiable in monetary terms; (b) the nature and frequency of 
noncompliance identified with appropriate consideration of sampling risk; and (c) qualitative 
considerations, including the needs and expectations of the report's users. 


3.4 Overall Requirements for Compliance Examination 

Practitioners are expected to perform the following in relation to a compliance examination: 
Perform a risk assessment. 

Design responses to the risk assessment. 

Determine if supplementary audit requirements exist. 


Obtain written representations from management. 


yy PWN > 


Prepare reports. 


6. Prepare required documentation. 


3.5 Required Documentation 
Required documentation includes the following: 
=m The assessed risk of material noncompliance, including: 
e The procedures performed. 
e Documentation of internal control (narratives, flowcharts, etc.). 
m Responses to the risk assessment, including: 
e The procedures performed to test compliance and results of procedures. 
e Tests of controls. 
=m The basis or rationale for materiality levels. 


= Compliance with supplemental requirements. 
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Ves Pass Key 


Compliance report in Auditing standards (SAS) | Negative assurance 
connection with audited 
financial statements 


Agreed-upon procedures Attestation standards (SSAE) | No assurance 


Examination Attestation standards (SSAE) | Reasonable assurance 


3.6 Representation Letter 


In an examination engagement or an agreed-upon procedures engagement, the practitioner 
should obtain written representations from the responsible party (management), which includes 
the following statements: 


m Management takes responsibility for complying with the specified requirements. 


= Management takes responsibility for establishing and maintaining effective internal control 
over compliance. 


m Management has performed an evaluation of: 
e the entity's compliance with specified requirements; or 


e the entity's controls for ensuring compliance and detecting noncompliance with 
requirements, as applicable. 


Management has disclosed to the practitioner all known noncompliance. 
Management has made available all documentation related to compliance. 


Management's interpretation of any compliance requirements that have varying interpretations. 


Management has disclosed any communications from regulatory agencies, internal 
auditors, and other practitioners concerning possible noncompliance. 


m Management has disclosed any known noncompliance occurring subsequent to the period 
for which, or date as of which, they made their assertion. 
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4 Attestation Risk of Noncompliance 


Attestation risk is the risk that the practitioner may unknowingly fail to modify appropriately his 
or her opinion. Similar to a financial statement audit, it is composed of inherent risk (assessed by 
auditor), control risk (assessed by auditor), and detection risk (controlled by auditor). The audit 
risk of noncompliance model adapts the terminology and relationships of the audit risk model. 


Audit risk of Risk of material 
noncompliance = noncompliance 
(should be low) (assessed by auditor) 


Detection risk 
(controlled by auditor) 


4.1 Risk of Material Noncompliance 
The risk of material noncompliance is composed of two elements: 


1. Inherent Risk of Noncompliance 


The susceptibility of a compliance requirement to noncompliance that could be material, 
assuming that there are no related controls. Inherent risk exists independent of the audit. 
The auditor cannot change this risk, but can change the assessment of the risk based on 
evidence gathered during the audit. 


2. Control Risk of Noncompliance 


The risk that noncompliance with a compliance requirement that could be material will not 
be prevented or detected on a timely basis by an entity's internal control. Control risk exists 
independent of the audit. The auditor cannot change this risk, but can change the assessment 
of the risk based on evidence gathered during the audit. 


The stronger the system of controls over compliance, the greater the reliance that may 
be placed on the controls, and the fewer the tests of details (or the lower the quality of 
evidence) required. 


4.2 Detection Risk of Noncompliance 


The risk that the auditor will not detect material noncompliance that exists. Detection risk relates 
to the auditor's procedures. The auditor can change this risk by varying the nature, extent, or 
timing of audit procedures. 


As the acceptable level of detection risk decreases, the assurance provided by tests of details 
(including tests of implementation of corrective actions from previous audits) should increase. 
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NOTES 


A5-74 Module 6 © Becker Professional Education Corporation. All rights reserved. 


MODULE + 


T Government Audits 


1 Sources of Government Auditing Standards 


GAAS and GAGAS are the sources of standards for governmental audits. 


1.1 GAAS: Generally Accepted Auditing Standards 


Generally accepted auditing standards (GAAS) for the audits of nonissuers are issued by the 
AICPA's Auditing Standards Board (ASB) in the form of Statements on Auditing Standards 
(SAS). The ASB's Statements on Auditing Standards are outlined in Section AU-C of the AICPA 
Professional Standards and have been described previously. GAAS are applicable to all audits. 


1.2 GAGAS: Government Auditing Standards (Yellow Book) 


Generally accepted government auditing standards (GAGAS) are organized as foundations 
and ethical principles, general standards, standards for financial audits and attestation 
engagements, and field work and reporting standards for performance audits. GAAS are 
incorporated by reference and additional standards applicable to government expand the 
auditors' requirements. 


GAGAS contain standards for audits of: 
=m Government organizations, programs, activities, and functions. 
e  GAGAS are foundational to audits of federal entities and federal financial assistance. 


e  GAGAS are frequently adopted by state and local governments as principles applicable 
to audits of state and local governments regardless of expenditure of federal funding. 


= Government assistance received by contractors, not-for-profit organizations, and other 
nongovernmental organizations. 


e Federal financial assistance (federal awards) provided to non-federal entities require 
completion of an audit under the provisions of the Single Audit Act. The Single Audit Act 
regulations also require conformity with the standards within GAGAS. 


GAGAS define "unconditional requirements" with which the auditor "must" comply and 
"presumptively mandatory requirements" with which the auditor "should" comply. The 
reason for not observing presumptively mandatory requirements that are not observed 
must be documented. 
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2 Purposes and Types of Government Audits 


2.1. Financial Audits 


2.1.1 GAAP Basis Financial Statements 


Financial statement audits performed according to Government Auditing Standards (the Yellow 
Book) incorporate GAAS and determine whether the financial statements present fairly the 
financial position, results of operations, and, where applicable, cash flows in accordance with 
generally accepted accounting principles. 


2.1.2 Financial Statements in Conformity With Special Purpose Frameworks 


Engagements can also include audits of financial statements prepared in conformity with a 
special purpose framework or other comprehensive basis of accounting (OCBOA). Government 
regulators generally specify the OCBOA to be used in relation to financial assistance provided to 
organizations. Government audit standards can be used in connection with audits of nonissuers 
for audits otherwise conducted using AICPA standards, and audits of issuers otherwise 
conducted using PCAOB standards. 


2.2. Attestation Engagements 


Attestation engagements performed in conformity with Government Auditing Standards (the 
Yellow Book) incorporate the AICPA's standards for examinations, reviews, and agreed- 
upon procedures by reference and include expanded requirements. Subjects of attestation 
agreements could include: 


1. Compliance with specified laws, regulations, rules, contracts, or grants. 


2. Effectiveness of internal control over compliance with specified requirements 
(e.g., bidding etc.). 


3. Presentation of management's discussion and analysis (MD&A). 


4. Reliability of performance measures. 


2.3. Performance Audits 


Performance audits provide objective analysis, findings, and conclusions to assist management 
and those charged with governance and oversight to, among other things, improve program 
performance and operations, reduce costs, facilitate decision making by parties with 
responsibility to oversee or initiate corrective action, and contribute to public accountability. 


Performance audits under GAGAS include a range of engagements governed by specific 
standards and can have varying objectives. Some objectives may overlap with each other 
and with the objectives of attestation engagements. Because of this, some engagements can 
be satisfied by following the standards applicable to either an attestation engagement or 
performance audit. 
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Key categories of performance audit objectives include: 


1. Effectiveness, Economy, and Efficiency 


Audit objectives that focus on program effectiveness and results to evaluate whether 
programs are meeting their goals and objectives, and which address the costs and 
resources used to execute program initiatives. Examples include: 


e Achievement of legislative, regulatory, or organizational goals. 
e Evaluation of cost benefit or cost effectiveness. 
e Validity or reliability of performance measures. 


2. Internal Control 
Audit objectives that relate to evaluating internal control over effective and efficient 


operations, reliable reporting, or compliance with laws and regulations. Examples include: 
e Organizational missions, goals, and objectives are achieved efficiently and effectively. 
e Resources are used in compliance with laws, rules, and regulations. 

e Security over computerized systems is effective. 


e Disaster plans for computerized systems are adequate. 


3. Compliance 


Audit objectives that relate to evaluating compliance with criteria established by provisions 
of laws, regulations, contracts, and grant agreements, or other requirements that could 
affect the acquisition, protection, use, and disposition of resources and the quantity, 
quality, timeliness, and cost of services provided in connection with programs. Compliance 
requirements can be either financial or nonfinancial. Examples include: 


e Compliance criteria established by laws, regulations, contract, etc., have been met. 


e Appropriate target population has been served. 


4. Prospective Analysis 


Audit objectives to evaluate events that may occur in the future or to suggest actions an 
entity may take in response to future needs. 


e Provide analysis or conclusions about information that is based on assumptions about 
events that may occur in the future, along with possible actions that the entity may take 
in response to the future events. 


In the 2018 Revision of Yellow Book, the GAO added guidance that auditors should consider 
whether internal controls are significant to the audit objectives and, if so, should determine 
which of the five COSO components are significant. Similar to a financial statement audit, the 
auditors would then assess the design and implementation of internal controls and potentially 
test the operating effectiveness of internal controls. Any deficiencies should be assessed and 
used in the evaluation of identified findings. 


2.4 Determine if Supplementary Audit Requirements Exist 


The entity may have audit requirements that go beyond GAAS and GAGAS. The auditor must 
make that determination. 


A common example of supplementary audit requirements is the Single Audit requirements 
related to federal financial assistance. 
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3  ~©Government Auditing Standards (GAGAS) 


Generally accepted government auditing standards (GAGAS) include the following standards for 
financial audits. 


3.1. Standards for Financial Audits: Performing Financial Audits 


GAGAS include a number of requirements for performing financial audits in addition to the 
standard GAAS requirements. 


3.1.1 Previous Audits and Attestation Engagements 


The auditor should evaluate whether appropriate corrective actions to address findings and 
recommendations from previous audit and attestation engagements have been addressed. 
Planning procedures should include inquiry of management about the status of previous 
audits and recommendations. Management's response should be included in the auditor's 
risk evaluation. 


3.1.2 Fraud, Noncompliance, and Abuse 


Audits in accordance with GAGAS require additional attention to fraud, noncompliance with laws 
and regulations, and abuse. The auditor should: 


= Consider compliance with contracts or grant agreements in addition to laws and regulations. 
m™ Consider the occurrence of abuse: 


e Abuse involves deficient or improper behavior, including the misuse of authority or 
position for gain. It does not necessarily involve fraud or noncompliance 


e Auditors are not required to detect abuse because abuse is subjective. 


e Awareness of abuse that is quantitatively or qualitatively material to the audit obligates 
the auditor to perform further testing. 


= Auditors should avoid interference with investigations or legal proceedings when pursuing 
indications of fraud or noncompliance. 


3.1.3 Developing a Finding 


GAGAS define the specific requirements associated with developing a finding to be reported to 
both the audited entity and others. Auditors should plan and perform procedures to develop the 
elements of a finding that are relevant and necessary to achieve audit objectives. The elements 
of a finding include criteria, conditions, cause, and effect or potential effect. 


= Criteria: Criteria define expectations of a program or operation. Criteria are often laws, 
regulations, contracts, or grant agreements. Criteria may also be standards or benchmarks. 


= Condition: The condition is the situation or status that exists. 


=m Cause: The cause is the reason for the condition or the deviation from the criteria. Examples 
include poorly designed policies, inconsistent implementation of policies, etc. 


= Effect or Potential Effect: The effect or potential effect is a clear logical link between the 
condition and the deviation from criteria. It describes the outcomes or consequences of the 
condition. Effect demonstrates the need for corrective action. 
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3.1.4 Audit Documentation 


Under GAGAS, auditors also should document, before the audit report is issued, evidence 
of supervisory review of the work performed that supports findings, conclusions, and 
recommendations contained in the audit report. 


Auditors should also document departures from GAGAS and the impact on the audit due to 
noncompliance caused by law, regulation, scope limitations, etc. 


3.1.5 Auditor Communication 


In addition to the AICPA requirements for auditor communication, auditors should communicate 
pertinent information that in the auditors' professional judgment needs to be communicated to 
individuals contracting for or requesting the audit, and to cognizant legislative committees when 
auditors perform the audit pursuant to a law or regulation, or they conduct the work for the 
legislative committee that has oversight of the audited entity. 


This requirement does not apply if the law or regulation requiring an audit of the financial 
statements does not specifically identify the entities to be audited, (i.e., single audits). 


When law or regulation preclude an auditor's option to withdraw from an engagement or 
withhold a report as a result of uncorrected material misstatements, the auditor may issue 
a report or written communication to those charged with governance and the appropriate 
statutory body giving details of the material misstatement. 


3.2 Standards for Financial Audits: Reporting on Financial Audits 


GAGAS also include a number of requirements for reporting on financial audits in addition to the 
standard GAAS requirements. Auditors should include a statement in the audit report that they 
complied with GAGAS. 


3.2.1 Report on Internal Control and Compliance With Provisions of Laws, 
Regulations, Contracts, Grant Agreements, and Federal Awards 


When providing an opinion or a disclaimer on financial statements, auditors should also report on 
internal control over financial reporting and on compliance with provisions of laws, regulations, 
contracts, grant agreements, or federal awards that have a material effect on the financial statements. 


Auditors should include in the same or separate reports a description of the scope of the 
auditors’ testing of internal control over financial reporting and compliance with laws, 
regulations, contracts, grant agreements, and federal awards. Auditors should state whether the 
tests the auditor performed provide sufficient appropriate evidence to support an opinion on 
the effectiveness of internal control over compliance. 


=m Reports should be made regardless of whether there are internal control deficiencies. 


= The objective of the GAGAS requirement for reporting on internal control over financial 
reporting differs from the objective of an audit of internal control in accordance with AICPA 
standards. GAGAS does not require that the auditor express an opinion on internal controls. 


e GAGAS only require a report on internal control and compliance that describes the 
scope of the auditor's testing and any findings. However, the auditor may elect to 
increase testing to a level that provides sufficient appropriate evidence to support an 
opinion on the effectiveness of internal control over compliance. 


e Inan audit of internal control in accordance with AICPA standards, the standards 
require the auditor to provide a high level of assurance about internal control over 
financial reporting in the form of an opinion. 


= The report on financial statements should reference the existence of a separate report on 
internal control and compliance if separate reports are used (including separate reports 
bound in the same document). 
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3.2.2. Communicate Deficiencies in Internal Control, Fraud, and Noncompliance 


= Deficiencies in Internal Control: Auditors should communicate in the report on internal 
control over financial reporting and compliance, based upon the work performed, significant 
deficiencies and material weaknesses in internal control. 


= Instances of Fraud and Noncompliance: The auditor should report to the appropriate 
members of the audited organization: 


e Fraud and noncompliance with laws or regulations that have a material effect on the 
financial statements; 


e Noncompliance with provisions of contracts or grant agreements that have a material 
effect on the financial statements; and 


e Abuse that is material either quantitatively or qualitatively. Examples of abuse include 
creating unneeded overtime, requesting staff to perform personal errands for a 
supervisor or manager, making expensive or extravagant travel arrangements, and 
making vendor selections contrary to policy. 


= Less Than Material Findings: Less than material findings should be communicated in 
writing to appropriate officials. 


= Presenting Findings in the Auditors’ Reports: A listing of findings and management 
responses is included in the report on internal control and compliance, or may be separately 
presented in a schedule of findings. The presentation of findings should: 


e Comply with the guidance for elements of a finding. 


e Be placed in perspective by describing the nature and extent of the issues reported and 
the extent of the work performed. 


= Reporting Findings to Outside Parties: Findings may be communicated to parties outside 
the audited organization when management fails to: 


e — Satisfy legal or regulatory requirements to report. 


e Take time and appropriate steps to respond to known or likely fraud, noncompliance, 
or abuse. 


3.2.3 Report Views of Responsible Officials 


Auditors must report their findings and also solicit and report the views of responsible officials 
along with any planned corrective actions. Providing a draft report with findings to appropriate 
members of the audited organization promotes the development of fair, complete, and objective 
reports. Responses of the audited organization should be in writing, but oral comments 

are acceptable. 


=m Written responses by the audited organization are included in the auditor's report. 
= Oral responses will be confirmed in writing by the auditor, but not published in the report. 


= Responses from the audited organization that either contradict or fail to fully address the 
auditor's comments should prompt the following actions: 


e Evaluate the validity of the audited organization's comments; and 
e Explain the basis for the disagreement in the report or modify the comment. 


=m Auditors may issue their reports without responses if the audited entity refuses to make 
comments or is unable to make comments. The audit report should disclose that the 
audited entity did not provide comments. 
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3.2.4 Reporting Confidential or Sensitive Information 


Audit reports should disclose the exclusion of confidential or sensitive information from an audit 
report by: 


= reporting the omission of information, and 
= stating the reason or other circumstances that made the omission necessary. 


Auditors may issue separate, classified, or limited use reports that are distributed to only the 
persons authorized by law or regulation to receive the confidential information. 


Auditors should evaluate whether the omission of confidential or sensitive information could 
distort audit results or conceal improper or illegal practices. 


3.2.5 Distribution of Reports 

Audit organizations should distribute auditor's reports to: 

=m those charged with governance; 

= audited entity officials; 

= oversight bodies or those who require or arrange for the audits; 
a 


officials with oversight authority or who may be responsible for acting on audit findings and 
recommendations; and 


= all others authorized to receive reports. 
Other distribution considerations include: 


= Internal audit organizations in government entities must follow Institute of Internal Auditors 
(IIA) International Standards for the Professional Practice of Internal Auditing. 


e The head of the internal audit organization must consider the risks to the audited 
organization prior to release of reports outside of the organization. 


e The head of the internal audit organization should consult with senior management and 
control dissemination of reports to intended users. 


=m Independent external auditors should clarify report distribution responsibilities with the 
party contracting for the audit. 


= Auditors should document any limitation on report distribution. 


3.2.6 Additional GAGAS Considerations for Financial Audits 
= Materiality Thresholds 
GAGAS auditors should consider reducing materiality thresholds in response to: 
e — public accountability issues; 
e various legal and regulatory requirements; and 
e visibility and sensitivity of government programs. 
= Early Communication of Deficiencies 
Deficiencies may be reported early when: 
e Urgency or significance of findings may require faster corrective actions or follow-up. 


e Ongoing noncompliance undetected by management should be stopped. 
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3.2.7 Sample Report: GAGAS (Yellow Book) Report on Internal Control 


A5-82 


and Compliance 


Independent Auditor's Report 
[Appropriate Addressee] 


We have audited, in accordance with the auditing standards generally accepted 

in the United States of America and the standards applicable to financial audits 
contained in Government Auditing Standards issued by the Comptroller General of the 
United States, the financial statements of the governmental activities, the business- 
type activities, the aggregate discretely presented component units, each major 
fund, and the aggregate remaining fund information of the [name of entity], as of and 
for the year ended June 30, 20X1, and the related notes to the financial statements, 
which collectively comprise the [name of entity]'s basic financial statements, and 
have issued our report thereon dated August 15, 20X1. 


Internal Control Over Financial Reporting 


In planning and performing our audit of the financial statements, we considered 
the [name of entity]'s internal control over financial reporting (internal control) to 
determine the audit procedures that are appropriate in the circumstances for the 
purpose of expressing our opinions on the financial statements, but not for the 
purpose of expressing an opinion on the effectiveness of the [name of entity]'s 
internal control. Accordingly, we do not express an opinion on the effectiveness of 
the [name of entity]'s internal control. 


A deficiency in internal control exists when the design or operation of a control does not 
allow management or employees, in the normal course of performing their assigned 
functions, to prevent, or detect and correct, misstatements on a timely basis. A 
material weakness is a deficiency, or a combination of deficiencies, in internal control, 
such that there is a reasonable possibility that a material misstatement of the entity's 
financial statements will not be prevented, or detected and corrected on a timely 
basis. A significant deficiency is a deficiency, or a combination of deficiencies, in internal 
control that is less severe than a material weakness, yet important enough to merit 
attention by those charged with governance. 


Our consideration of internal control was for the limited purpose described in the 
first paragraph of this section and was not designed to identify all deficiencies in 
internal control that might be material weaknesses or significant deficiencies. Given 
these limitations, during our audit we did not identify any deficiencies in internal 
control that we consider to be material weaknesses. However, material weaknesses 
may exist that have not been identified. 


Compliance and Other Matters 


As part of obtaining reasonable assurance about whether the [name of entity]'s 
financial statements are free from material misstatement, we performed tests of 

its compliance with certain provisions of laws, regulations, contracts, and grant 
agreements, noncompliance with which could have a direct and material effect 

on the determination of financial statement amounts. However, providing an 
opinion on compliance with those provisions was not an objective of our audit, and, 
accordingly, we do not express such an opinion. The results of our tests disclosed no 
instances of noncompliance or other matters that are required to be reported under 
Government Auditing Standards. 


(continued) 
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(continued) 


Purpose of This Report 


The purpose of this report is solely to describe the scope of our testing of internal 
control and compliance and the results of that testing, and not to provide an opinion 
on the effectiveness of the entity's internal control or on compliance. This report 

is an integral part of an audit performed in accordance with Government Auditing 
Standards in considering the entity's internal control and compliance. Accordingly, 
this communication is not suitable for any other purpose. 


[Auditor's signature] 
[Auditor's city and state] 
[Date of the auditor's report] 


Pass Key 


The "Yellow Book" report is an additional report required under GAGAS. 


For the financial statement audit, the audit report is the same as a standard nonissuer 
report, except for the following changes: 


= The auditor's responsibility paragraph should state that the audit was conducted in 
accordance with both U.S. GAAS and Government Auditing Standards. 


= An other-matter paragraph should be added to the end of the report referencing the 
GAGAS (Yellow Book) report. 


3.3. Written Representations From Management (GAGAS) 


GAAS guidance with respect to client representations should be followed. The following 
representations, consistent with or in addition to GAAS, should be included: 


m= There are no violations or possible violations of laws or regulations whose effects should 
be considered for disclosure in the financial statements or as a basis for recording a loss 
contingency (same as GAAS). 


=m Management is responsible for the entity's compliance with laws and regulations 
applicable to it. 


m Management has identified and disclosed in writing to the auditor all the laws and 
regulations that have a direct and material effect on its financial statements. 
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3.4 Reporting: Internal Control 


The auditor should report all significant deficiencies and material weaknesses in internal control. 
GAGAS (like GAAS) require the auditor to: 


= Obtain an understanding of the design of relevant controls and determine whether they 
have been implemented. 


= Communicate all significant deficiencies (reportable conditions) noted during the audit, even 
those that are not material weaknesses. 


GAGAS require a written report on the auditor's understanding of internal control and the 
assessment of control risk in all audits. This is different from GAAS, which require written 
communication only when significant deficiencies (reportable conditions) are noted. 


Significant deficiencies should be reported to specific legislative and regulatory bodies. 


Pass Key 


One of the most tested features related to government audits is the requirement that a 
written report on internal control be prepared. The content of that report is also frequently 
tested, and it includes: 


e The assertion that evaluating compliance with laws, rules, and regulations with a direct 
and material effect on the financial statements is part of developing an opinion on 
financial statements. 


e The assertion that specific controls relating to financial reporting are considered. 


e An indication that either no weaknesses were found or that significant deficiencies 
(reportable conditions) were found, and an indication whether those deficiencies 
were material. 


In a financial statement audit, GAGAS require a report on internal controls over financial 
reporting, not a report on internal controls over compliance. 
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1 Overview of Single Audits 


1.1. Audit Requirements for Federal Financial Assistance 


Audits of recipients of federal financial assistance should be conducted in accordance with both 
GAAS and GAGAS. The following requirements also apply: 


= Expanded internal control documentation and testing requirements. 


m Expanded reporting to include formal written reports on the consideration of internal 
control and the assessment of control risk. 


=m Expanded reporting to include whether the federal financial assistance has been 
administered in accordance with applicable laws and regulations (i.e., compliance 
requirements). 


= Application of single audit standards to federal financial assistance. 


L Pass Key 


The examiners focus on expanded audit and reporting requirements related to audits 
of organizations that receive government assistance, particularly federal financial 
assistance. Fact patterns often focus on either the additional requirements associated 
with GAGAS and 2 CFR 200 single audits or on the differences between government and 
commercial auditing. 


1.2 Responsibilities Under the Single Audit Act 


1.2.1 Nature and Scope of the Single Audit Act 


The Single Audit Act is designed to improve the effectiveness of audits of federal awards and 
reduce the burden of federal audit requirements of recipients of federal financial assistance. 


The Single Audit Act is governed by provisions of federal regulations in Title 2 of the Code of 
Federal Regulations, 200.500-521, part of regulations included in what is commonly known as 
the "Uniform Grant Guidance." It requires entities that expend total federal assistance equal to 
or in excess of $750,000 in a fiscal year to have an audit performed in accordance with the act. 


The act allows for either a single or program-specific audit. The program-specific audit election is 
only available to certain grant recipients who meet highly restrictive criteria, including: 


=m Awards are expended under a single federal program. 


= No financial statement audit is required. 
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Nonfederal entities that expend less than $750,000 a year in federal awards are exempt from 
federal audit requirements for that year. 


1.2.2 Objectives of the Single Audit 
A single audit has two main objectives: 


1. Audit of the entity's financial statements and reporting on a separate schedule of 
expenditures of federal awards in relation to those financial statements. 


2. Compliance audit of federal awards expended during the year as a basis for issuing 
additional reports on compliance related to major programs and on internal control 
over compliance. 


1.2.3 Materiality Determinations 


The Single Audit Act requires that the materiality of the transaction or other compliance finding 
be considered separately in relation to each major program, not simply in relation to the 
financial statements taken as a whole. 


Major programs are determined in accordance with formulas prescribed by 2 CFR 200 single 
audit requirements. Generally, programs classified as major are those that expend $750,000 
or more in federal financial assistance, but smaller programs may be deemed major if they are 
classified as "high risk," even if they do not meet the monetary threshold. The Uniform Grant 
Guidance provides guidance on applying this "risk-based approach" to program selection. 


Ua Pass Key 


The audit threshold for federal audit requirements is expenditure of $750,000 of federal 
financial assistance. 


Single audits are generally required unless the restrictive requirements of a program-specific 
audit are met. 


Program-specific audits are used when the expenditures are made under only one program 
and the terms of the award do not require a financial statement audit. 


Under both GAAS and GAGAS, materiality is considered in relation to the financial statements 
being audited taken as a whole. 


ya Pass Key 


Remember, a single audit includes a separate evaluation of materiality for each major 
program selected. 


1.2.4 Audit Requirements Apply to Recipients and Subrecipients 


Audit requirements apply to recipients and subrecipients of federal financial assistance. 
Contractors have more limited requirements. 
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Ves Pass Key 


Federal award recipients (e.g., a city expending funds received directly from the 

U.S. Department of Housing and Urban Development, or HUD) or a subrecipient (e.g., a city 
expending funds received from a state that received the funds from HUD) are subject to 
audit requirements associated with federal financial assistance. 


Contractors (e.g., those who are paid by recipients or subrecipients of federal financial 
assistance, such as an electrician performing service upgrades to a public housing 
authority) are not subject to the same audit requirements as recipients and subrecipients. 


1.3. Program-Specific Audits 


Under certain circumstances, recipients are permitted to have a program-specific audit instead 
of a single audit. Entities not covered by the Single Audit Act are also eligible. 


The auditor must contact the Inspector General of the applicable federal agency and obtain 
a current program-specific audit guide. The auditor must follow GAGAS and the guide when 
performing a program-specific audit. If a program-specific audit guide is not available, 

the auditor has basically the same responsibilities as in an audit of a major program for a 
single audit. 


Pass Key 


All governmental audits carried out under the Single Audit Act are not the same: 


e Audits of an entire organization that include additional audit procedures on specific 
programs are called "single audits." These audits include a report on the financial 
statements of the whole organization and audit reports on the specific programs. 


e Audits of specific programs are called "program-specific audits" and do not include 
reports on the financial statements of the organization taken as a whole. 
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2  Auditee Responsibilities 


2.1 Auditor Selection 


Auditors must be selected using procurement standards established by federal guidelines. 
Procurement standards preclude limitations on competition, including: 


=m The use ofa single or sole source vendor (only considering one firm). 

= Providing preferences to local firms (giving advantages to firms based on geographic location). 
Proposals made by auditors must be evaluated for: 

= Responsiveness to the request for proposal. 

Relevant experience. 

The availability of professionally qualified staff. 

The results of peer reviews. 


Auditees must request a copy of the audit organization's peer review report. In selecting an 
auditor, the use of small and minority-owned businesses is encouraged. 


= Consultants engaged to develop indirect cost plans may not be engaged as the auditor 
when the indirect costs recovered by the auditee during the prior year exceed $1 million. 


Pass Key 


Auditor selection is made by the auditee, subject to federal guidelines that seek to ensure 
the appointment of an auditor possessing the necessary expertise through an open and 
competitive proposal process. 


2.2 Report Submission 


The audit report must be submitted within the earlier of: 
1. Thirty calendar days of receipt of the auditor's report; or 
2. Nine months after the end of the audit period. 


Reports must be retained for three years from the date of submission. Copies must be made 
available for public inspection (unless restricted by federal statute or regulation). 


The audit report must be submitted in the following format: 


= The report must be transmitted using a Data Collection Form that follows a specific data set 
required by the Office of Management and Budget (OMB). 


The form must be signed by a responsible official. 
The reporting package must include: 
e Financial statements 
e Asummary schedule of prior audit findings 
e Auditor's reports 
e Corrective action plans 
m The report must be submitted electronically. 
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Va Pass Key 


The organization subject to audit is responsible for the production of financial statements 
and a schedule of federal expenditures, along with corrective actions, in response to audit 
findings. Auditee reports, along with auditor reports and findings, must be submitted by 
the auditee within 30 days of receipt or nine months after the end of the audit period. 


3. Auditor Responsibilities 


3.1 The Scope of the Audit 


The auditor should express an opinion regarding the fair presentation of the financial 
statements and related schedules. In addition, the auditor should consider internal control, 
compliance, and previous audit findings. 


3.1.1. Internal Control 


The auditor should consider internal controls over compliance using major programs as a basis 
for both testing and reporting. Auditors have no responsibility to obtain an understanding of 
internal control over compliance or perform related tests of compliance for any federal program 
deemed to be nonmajor. 


Internal control guidance is taken from both the U.S. Office of the Comptroller General and the 
Committee of Sponsoring Organizations (COSO) Internal Control Framework as best practices 
for frameworks of internal controls. 


3.1.2 Tests of Transactions for Compliance 


The single audit act requires that the auditor design and test transactions of federal awards for 
compliance with statutes, regulations, and the terms and conditions of the federal awards. 


The audit must be planned to support a low assessed level of control risk of noncompliance for 
major programs. The auditor must plan and perform tests of controls over compliance for major 
programs, keeping in mind the following: 


= The auditor is not required to test controls that are ineffective. 
m Significant deficiencies and material weaknesses must be reported. 
m= When controls are deemed ineffective, additional tests of compliance must be considered. 


Compliance testing is required to provide evidence to support an opinion on compliance for 
each major program. The auditor attempts to obtain reasonable assurance that the auditee 
complied, in all material respects, with the compliance requirements. Testing procedures must 
be designed to detect both intentional and unintentional noncompliance, though intentional 
noncompliance may be actively concealed and difficult to detect. Subsequent discovery that 
material noncompliance with direct and material compliance requirements exists does not, in 
and of itself, evidence inadequate planning performance or judgment on the part of the auditor. 


= Testing may be performed at any stage of the audit concurrently with tests of operating 
effectiveness of controls, as separate substantive testing, or as a combination of the two. 
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= Auditors consider both audit risk of noncompliance and materiality for each major program 
to opine on the direct and material compliance requirements for each major program the 
auditor plans compliance tests to reduce detection risk of noncompliance. 


e The auditor must also consider both inherent and control risks of noncompliance. 


= Appropriate evidence mirrors the characteristics of audit evidence gathered in financial 
audits. 


= In determining the nature of tests of compliance with requirements governing major 
programs, consideration of the nature of those requirements will govern the character of 
the testing. For example: 


e Compliance testing covering cost principles is normally designed as a test of 
disbursements. 


e Compliance with procurement requirements is normally designed as a test of 
purchasing procedures. 


e Compliance with participant eligibility requirements is normally designed as a test of 
participant qualifications. 


3.1.3. Common Compliance Issues 


Compliance with federal laws, rules, and regulations are included in separate sections of the 
Uniform Guidance described in Title 2 of the Code of Federal Regulations (2CFR). Uniform 
Guidance includes both administrative requirements and cost principles that are common to all 
federal financial assistance and includes a compliance supplement that describes required audit 
procedures in a matrix of compliance requirements. 


= Uniform Requirements: Administrative Requirements 


The administrative requirements described in the uniform requirements deal with the 
federal regulations associated with all phases of the grant life cycle. Samples of federally 
mandated administrative requirements for grantees include: 


e Maintenance of appropriate internal controls over federal funds. 
e Identification and appropriate treatment of program income. 


e Compliance with procurement standards (such as open competition and appropriate 
vendors, documented procurement procedures, and methods of procurement based 
on dollar thresholds or procurement type). 


e Performance monitoring and reporting. 

e Subrecipient monitoring. 

e Record retention requirements. 

e Real property administration (including record keeping and disposition requirements). 
= Uniform Requirements: Cost Principles 


e Cost principles described in the Uniform Requirements define costs that are either 
generally unallowable or generally allowable. Few absolutes apply. The basic criteria 
for the allowability include whether a cost is reasonable and necessary and properly 
allocated to the federally funded program. Additionally, some costs may be allowable 
with prior approval of the federal awarding agency. 
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e Uniform requirements also include standards for indirect (facilities and administrative, 
or F&A) cost allocation methodologies. Cost allocation methods must be fair, 
reasonable, and consistently applied. A limited number of specific costs are described 
below as examples: 


— Costs that are generally allowable include compensation (personal services), 
equipment, direct costs, insurance, and indemnification. 


— Costs that are generally unallowable include organization costs, entertainment costs, 
fines, penalties, damages, and other settlements. 


= Uniform Requirements: Compliance Supplement 


The compliance supplement describes the general provisions that should be tested for 
specific grants. Tested areas mirror the Uniform Requirements but may be specifically 
required for audit focus by an awarding agency by reference to the matrix of compliance 
requirements. The general areas of testing may not all be uniformly required for all grants. 
Examples of compliance requirements include: 


e Activities allowed or unallowed 

e Allowable costs/cost principles 

e Cash management 

e — Eligibility 

e Equipment and real property management 
e Matching, level of effort, earmarking 

e Period of performance 

e Procurement suspension and debarment 
e Program income 

e Reporting 

e  Subrecipient monitoring 


e Special tests and provisions 


3.1.3. Previous Audit Findings 


The auditor is required to follow up on audit findings from previous audits. The auditor must 
perform procedures to assess the reasonableness of the summary schedule of prior audit 
findings prepared by the auditee. 


3.2 Audit Reporting 
The auditor should: 


1. Express an opinion regarding the fair presentation of the financial statements, in 
accordance with GAAP (Financial Statement Report). 


2. Express an opinion regarding the fair presentation of the Schedule of Expenditures of 
Federal Awards (SEFA) in relation to the financial statements (SEFA Report). 
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3. Report on internal control over financial reporting and compliance with federal statutes, 
regulations, and the terms and conditions for the federal award (Yellow Book Report 
required by GAGAS), including: 


e The scope of testing of internal control and compliance. 
e The results of tests. 
e Reference to a separate Schedule of Findings and Questioned Costs. 


4. Report on compliance for each major program and report on internal control over 
compliance (Single Audit Report) including: 


e The scope of testing of internal control over compliance with specific references to 
consideration of fraud, errors, and the concept of reasonable assurance. 


e Anopinion with regard to compliance with federal statutes, regulations, and the 
terms and conditions of the federal award and specific assertion regarding auditor 
independence. 


—For reportable instances of noncompliance with the requirements governing a major 
federal financial assistance program, reports should be qualified ("except for") or 
adverse, depending on materiality. 


—Immaterial instances of noncompliance should be reported, but need not be 
specifically identified. 


e Reference to a separate Schedule of Findings and Questioned Costs. 
5. Provide a Schedule of Findings and Questioned Costs that includes: 
e Asummary of the auditor's results: 


—The type of report issued by the auditor over the financial statements 
(e.g., unmodified, qualified, etc.). 


—A statement regarding whether significant deficiencies or material weaknesses in 
internal control were found during the financial statement audit. 


—A statement regarding whether significant deficiencies or material weaknesses in 
internal control over major programs were disclosed by the Single Audit. 


— Discovery of any material noncompliance. 


—The type of report the auditor issued on compliance for major programs 
(e.g., unmodified, adverse, etc.). 


—A statement regarding whether the audit disclosed any audit findings the auditor 
is required to report (significant deficiencies, material weaknesses, material 
noncompliance, known or likely questioned cost, known or likely fraud). 


—Identification of the major programs (a list of the major programs). 
—The dollar threshold used to distinguish between type A and type B programs 
—A statement as to whether the auditee qualified as a low-risk auditee 

e  GAGAS findings. 


e Findings and questioned costs for federal awards. 
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Va Pass Key 


Because single audits require that the financial statements also be audited, the Uniform 
Grant Guidance requires the use of both GAAS and GAGAS. 


Five reports are issued: 

1. Financial Statement Report (GAAS) 
SEFA Report (in relation to) 
GAGAS (Yellow Book) Report 
Single Audit Report 


hogs OS 


Schedule of Findings and Questioned Costs 


3.3. Audit Findings 


The auditor must report the following audit findings: 


= Significant deficiencies and material weaknesses in internal control over major programs 
and significant instances of abuse related to major programs. 


= Material noncompliance with provisions of federal statutes, regulations, or the terms and 
conditions of federal awards related to major programs. 


= Questioned costs of a given type of compliance requirement if those costs exceed $25,000. 


An auditor is performing compliance testing on a rental assistance program, a major 
program administered by a federally funded public housing authority. A compliance 
requirement for this major program is that tenants must meet eligibility requirements, 
including income limitations. The auditor finds that a number of tenants for whom rent 
subsidies have been claimed earned income in excess of the tenant income limitations. 
The auditor accumulates the amounts associated with the noncompliance and questions 
$36,000 of the public housing authority's rent subsidies. Because the questioned costs are 
greater than $25,000, the auditor is required to report them. 


=m The circumstances concerning why the auditor's report on compliance for each major 
program is other than an unmodified opinion, as applicable. 


= Known or likely fraud affecting a federal award. 


m= Instances in which the results of audit follow-up procedures disclosed that the summary 
schedule of prior audit findings prepared by the auditee was materially misrepresented. 


Findings must be stated clearly and in a manner that defines the deficiency and the implications 
of the deficiency. 
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3.4 Audit Documentation 


Audit documentation must be maintained for three years after the date of issuance. 


Contested audit findings or requests by the awarding or cognizant agency may extend the 
retention period. The cognizant agency is generally the lead agency that provides the most 
funding to the recipient and the one that receives and distributes the reports. 


Pass Key 


Both the auditor and the auditee must retain audit documentation for three years after 
issuance and receipt. 


3.5. Major Program Determination 
3.5.1 Risk-Based Approach 


The determination of major programs uses a risk-based approach and a four-step process. 
The risk-based approach includes the consideration of: 

® Current and prior audit experience 

= Oversight by federal agencies 

m= Inherent risk 


Audit workpapers should include documentation of the risk analysis defined in the federal 
guidance. Major programs determined in accordance with federal guidance will not be 
challenged by federal agencies. 


The four-step process is as follows: 


Step1 Identify type A (under most circumstances, $750,000 or more) and type B programs 
(those not meeting the requirements of type A). 


Step 2 Identify type A programs that are low risk. 


For a type A program to be considered low risk, it must have been audited as a major 
program in at least one of the two most recent audit periods. Type A programs cannot 
be low risk if they had: 


© material weaknesses in internal control for major programs; 
e amodified opinion on the program; or 


e known or likely questioned costs that exceed 5 percent of the total federal awards 
expended for the program. 
Step3 Identify type B programs that are high risk, using professional judgment. 


Step4 Ataminimum, major programs include all type A programs not identified as low risk 
and all type B programs identified as high risk that meet the coverage requirements 
described below. 


A5-94 Module 8 © Becker Professional Education Corporation. All rights reserved. 


AUD 5 Single Audits 


3.5.2 Percentage of Coverage 


For low-risk auditees, the auditor must test 20 percent of the total federal awards expended. 
For other auditees, the auditor must test 40 percent of the total federal awards expended. If 
the percentage of coverage requirements are not met after selecting all high-risk type A and 
high-risk type B programs, continuing selecting other programs until the threshold is met. 


Pass Key 


Auditors select major programs for audit using a risk-based approach that follows a 
specific methodology, but the process ultimately relies on auditor judgment. 


3.5.3 Criteria for Federal Program Risk 

Current and prior audit experience could indicate higher risk: 

= Multiple internal control structures 

= Weak monitoring systems for subrecipients 

= Programs not recently audited as major 

Oversight exercised by federal agencies and pass-through entities can be used to assess risk. 
The inherent risk of a federal program is increased by: 

= The complexity of the program (e.g., complex eligibility requirements). 

= Being in the early phase of a program's life cycle (with new or untested requirements). 
3.5.4 Criteria for a Low-Risk Auditee 

=m Single audits have been performed on an annual basis for two years. 

The financial statements received an unmodified opinion. 

No material weaknesses in internal control were identified under GAGAS. 


No going concern contingencies were reported. 


Type A programs, that had: 
e No material weaknesses in the auditor's report on internal controls over compliance. 
e No questioned costs in excess of 5 percent of the award expended. 


e No modified opinion on major programs. 
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4 Reporting Requirements 


The following chart summarizes when each of four reports is required. 


Recommended Reporting 


REQUIRED BY 
Government 
Auditing 
Report GAAS Standards Single Audits 


Opinion (or disclaimer) on financial 
statements and supplementary schedule v v v 
of expenditures of federal awards. 


Report on internal control and compliance 
with provisions of laws, regulations, v v 
contracts, and grant agreements. 


Report on compliance and internal control 
over compliance applicable to each major V 
program. This report must include an 

opinion (or disclaimer) on compliance. 


Schedule of findings and questioned costs. v 


Pass Key 


Remember that government audits and single audits require more work and responsibility 
for the auditor. The examiners usually focus on the additional audit report requirements. 


L Pass Key 


Government audit and single audit reports focus the reader on compliance with laws, rules, 
and regulations; the internal controls associated with maintaining compliance; and any 
findings of noncompliance. 
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SSARS Engagements 


1 Levels of Service 


CPAs can perform three levels of service with respect to unaudited financial statements of 
a nonissuer. 


1.1. Preparation 


The objective of a preparation engagement is to prepare financial statements in accordance with a 
specified financial reporting framework. The CPA does not perform any audit or review procedures. 
A preparation provides no assurance and is considered a non-attest service. Therefore, it does not 
require a determination of whether the accountant is independent of the entity. 


1.2 Compilation 


In a compilation engagement, the objective is to present in the form of financial statements 
information that is the representation of management without undertaking to express 

any assurance on the financial statements. The CPA does not perform any audit or review 
procedures. A compilation does not provide assurance, but because a report is required, it is 
an attest engagement. Although independence is not required, a determination of whether the 
accountant is independent of the entity is required. 


1.3 Review 


ACPA may express limited (negative) assurance on financial statements that have not been 
audited. The objective of a review engagement is to express limited assurance that there are 

no material modifications that should be made to the financial statements in order for the 
statements to be in conformity with the applicable financial reporting framework. A review is 
based on inquiry and analytical procedures performed by the CPA. A review is both an assurance 
engagement and an attest engagement. Independence is required. 


1.4 Performance of More Than One Service 


When an accountant performs more than one service (for example, a compilation and an audit), 
the accountant generally should issue the report that is appropriate for the highest level of 
service rendered. 


Via Pass Key 


e Attest—report 
e Non-attest—no report 
e Assurance—opinion (reasonable)/conclusion (limited) 


e No assurance—no opinion/conclusion 
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2 Professional Standards 


2.1 Statements on Standards for Accounting 

and Review Services (SSARS) 
The Accounting and Review Services Committee of the AICPA is the authoritative body 
designated to issue pronouncements in connection with the unaudited financial statements of 


nonissuers. The pronouncements issued are known as Statements on Standards for Accounting 
and Review Services, or SSARS. 


An accountant should: 

1. have sufficient knowledge to identify applicable SSARS; 
2. exercise professional judgment in applying SSARS; and 
3. be able to justify departures from SSARS. 


Specific language is used within SSARS to clarify the accountant's level of responsibility. The 
terms "must" and "should" are defined as described in A1. 


2.2 SSARS Applicability 


SSARS provide standards with respect to preparations, compilations, and reviews of financial 
statements. An accountant who is engaged to prepare, compile, or review unaudited financial 
statements of a nonissuer should comply with SSARS. 


= Nonissuer: A nonissuer is an entity (i) for which securities are not registered with the SEC; 
(ii) that is not required to file reports with the SEC; and (iii) that has not filed a registration 
statement (that is still pending) with the SEC. 


SSARS also apply to engagements in which the accountant is engaged to prepare, compile or 
review specified elements, accounts, or items of a nonissuer's financial statements, or engaged 
to prepare or compile pro forma financial information of a nonissuer. 


2.3. SSARS Do Not Apply 


2.3.1 Other Accounting Services 


SSARS do not apply to other accounting services provided by accountants, such as preparing one 
or a few adjusting or correcting entries, consulting on financial matters, preparing tax returns, 
rendering manual or automated bookkeeping or data processing services, and processing 
financial data for clients of other accounting firms. 


= Note that if the accountant prepares many adjusting or correcting entries, this could be 
considered preparation of financial statements, and SSARS would apply. The accountant 
must exercise judgment in making this determination. 


2.3.2 Reviews of Interim Financial Statements 


SSARS are not applicable to reviews of interim financial information of nonissuers whose 
annual financial statements are audited. Statements on Auditing Standards (SAS) apply to these 
engagements. 
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3 Elements of SSARS Engagements 


Preparation, compilation, and review engagements include the following elements. 


3.1 Three-Party Relationship 


Preparation, compilation, and review engagements involve three parties: management (the 
responsible party), an accountant in the practice of public accounting, and the intended users of 
the financial statements or financial information. 


3.1.1 Management 
The responsibilities of management—and when appropriate, those charged with governance—are: 


= The identification of an applicable financial reporting framework and individual accounting 
policies when alternatives are provided by the financial reporting framework; 


=m The preparation and fair presentation of the financial statements in accordance with 
that framework; 


The design, implementation, and maintenance of internal control; 
Preventing and detecting fraud; 


Ensuring that the entity complies with laws and regulations; 


The accuracy and completeness of the records, documents, explanations, and other 
information, including significant judgments provided by management for the preparation 
of financial statements; and 


= Providing the accountant with access to all information and access to persons within the 
entity of which the accountant determines it necessary to make inquiries. 


The accountant should not accept an engagement to be performed in accordance with SSARS when 
management is unwilling to accept these responsibilities. In addition, an accountant should not 
accept an engagement if the accountant has reason to believe that information needed to perform 
the engagement is unavailable or unreliable or if the accountant doubts management's integrity. 


3.1.2 Accountant in the Practice of Public Accounting 


The accountant should possess knowledge of the accounting principles and practices of the 
industry in which the entity operates that will enable the accountant to prepare, compile, or 
review the financial statements. An accountant should not accept an engagement if preliminary 
understanding of the engagement circumstances indicates that ethical requirements regarding 
quality control cannot be satisfied. 


= The accountant should comply with relevant ethical requirements, including the AICPA Code 
of Professional Conduct, together with rules of state boards of accountancy and applicable 
regulatory agencies. 


=m The accountant should exercise professional judgment in the performance of an 
engagement in accordance with SSARS. 


m  SSARS also require the accountant maintain appropriate engagement level quality control. 


3.1.3 Intended Users 


The intended users are the person(s) or class of persons who understand the limitations of the 
engagement and the financial statements. Management and the intended users may be the 
same. Intended users may be from the same entity or from different entities. The accountant 
has no responsibility to identify the intended users. 
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3.2. Establish an Understanding With the Client 


All SSARS engagements require a written agreement with management, and, when appropriate, 
those charged with governance, regarding the terms of the engagement. 


3.3. Compilations or Reviews Conducted in Accordance With SSARS 
and Another Set of Standards 


When the accountant performs a compilation or review in accordance with SSARS and another 
set of standards, the accountant's compilation or review report should identify the other set of 
compilation or review standards, as well as its origin in the compilation or review report. 


3.4 Other Frameworks 


Financial statements may be prepared in accordance with a financial reporting framework other 
than GAAP or IFRS. For example, financial statements may be prepared in accordance with a 
special purpose framework or a framework generally accepted in another country. 


3.4.1 Special Purpose Framework 


Financial statements prepared in accordance with a special purpose framework are not 
considered appropriate in form unless the financial statements include: 


1. adescription of the special purpose framework, including a summary of significant 
accounting policies and a description of the material differences from GAAP; and 


2. disclosures similar to those required by GAAP if the financial statements contain items that 
are similar to those included in financial statements prepared in accordance with GAAP. 


3.4.2 Financial Reporting Framework Generally Accepted in Another Country 


When performing a compilation or review on financial statements prepared in accordance with 
a financial reporting framework generally accepted in another country, the accountant should 
obtain an understanding of such framework and follow the appropriate reporting requirements 
depending on the distribution of the report: 


= Distribution Outside the United States 


If the accountant is issuing an accountant's compilation or review report on financial 
statements and the financial statements are intended for use only outside the United States, 
the accountant should use either of the following: 


e Areport in accordance with SSARS that includes a statement that refers to the note of 
the financial statements that describes the basis of presentation, including identification 
of the country of origin of the accounting principles. 


e  Areport in accordance with another set of compilation or review standards. 
= Distribution in the United States 


If the financial statements will be used in the United States, the accountant should report in 
accordance with SSARS, including the requirements related to financial statements prepared 
in accordance with a special purpose framework. 


3.5 Financial Statements or Financial Information 


The financial reporting framework determines what constitutes a complete set of financial 
statements. An accountant may be engaged to prepare, compile, or review a complete set of 
financial statements or an individual financial statement. Financial statements may be for an 
annual period, or for a shorter or longer period. 
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4 Subsequent Events and Subsequently Discovered Facts 


4.1 Subsequent Events 


When evidence or information about subsequent events that require adjustment of, or 
disclosure in, the financial statements comes to the accountant's attention, the accountant 
should request that management consider whether each such event is appropriately reflected 
in the financial statements in accordance with the applicable financial reporting framework. If 
the accountant determines that the subsequent event is not adequately accounted for in the 
financial statements or disclosed in the notes, the accountant should treat as a departure from 
GAAP or applicable financial reporting framework. 


4.2 Subsequently Discovered Facts That Become Known 
to the Accountant Before the Report Release Date 


The accountant is not required to perform any review procedures regarding the financial 
statements after the date of the review report. However, if a subsequently discovered fact 
becomes known to the accountant after the date of the review report but before the report 
release date, the accountant should: 


1. discuss the matter with management and, when appropriate, those charged with 
governance; and 


2. determine whether the financial statements need revision and, if so, inquire how 
management intends to address the matter in the financial statements. 


If management updates the financial statements, the accountant should perform the additional 
review procedures. The accountant should also either: 


1. date the accountant's review report as of a later date; or 
2. dual date the review report. 


If management does not revise the financial statements and the accountant believes they need 
to be revised, the accountant should modify the review report. 


4.3. Subsequently Discovered Facts That Become Known 
to the Accountant After the Report Release Date 


Usually, an accountant has no obligation to make continuing inquiries after the date of the 
report. However, if an accountant becomes aware of material information that existed as of 
the date of his or her report that would have affected the report and that persons are currently 
relying or are likely to rely on the financial statements covered by the report, the accountant 
should take appropriate action. 


4.3.1 Accountant Action 


Upon discovering, after issuance of the report, information (confirmed by the accountant) that 
materially affects the report and other persons' reliance on it, the accountant should advise the 
client to immediately disclose the new information and its impact on the financial statements to 
persons currently relying or likely to rely on the financial statements. 


The accountant should discuss the matter with management and, when appropriate, those 
charged with governance and determine whether the financial statements need revision and, if 
so, inquire how management intends to address the matter in the financial statements. 
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If management revises the financial statements, the accountant should perform the review 
procedures necessary in the circumstances on the revision. 


The accountant also should either: 
1. date the accountant's review report as of a later date; or 


2. include an additional date in the accountant's review report on the revised financial 
statements that is limited to the revision (that is, dual-date the accountant's review report 
for that revision), thereby indicating that the accountant's review procedures subsequent to 
the original date of the accountant's review report are limited solely to the revision of the 
financial statements described in the relevant note to the financial statements. 


If the reviewed financial statements (before revision) have been made available to third parties, 
assess whether the steps taken by management are timely and appropriate to ensure that 
anyone in receipt of those financial statements is informed of the situation, including that the 
reviewed financial statements are not to be used. 


If the accountant's conclusion on the revised financial statements differs from the accountant's 
conclusion on the original financial statements, disclose in an emphasis-of-matter paragraph 
the date of the accountant's previous report, a description of the revisions, and the substantive 
reasons for the revisions. The accountant must become satisfied that appropriate steps have 
been taken by the client. 


4.3.2 Management's Action 
Management's steps may include the following: 


= Notify anyone who is known to be using, or who is likely to use, the financial statements 
and the accountant's review report that they are not to be used and that revised financial 
statements, together with a new accountant's review report, will be issued. This may be 
necessary when the issuance of revised financial statements and a new accountant's review 
report is not imminent. 


=m Issue, as soon as practicable, revised financial statements with appropriate disclosure 
of the matter. 


=m Issue the subsequent period's financial statements with appropriate disclosure of the 
matter. This may be appropriate when issuance of the subsequent period's reviewed or 
audited financial statements is imminent. 


4.3.3 Client Refuses to Follow Procedures 


If the client refuses to proceed as above, the accountant should notify the appropriate entity 
personnel, such as the manager (owner) or board of directors, of such refusal and of the fact the 
accountant will take additional steps to prevent further reliance on the accountant's report and 
the financial statements, such as the following: 


= Notify the client that the accountant's report must no longer be associated with the 
financial statements. 


= Notify, if applicable, any regulatory agencies having jurisdiction over the client that the 
accountant's report should no longer be relied on. 


= Notify persons known to be relying or likely to rely on the financial statements that the 
accountant's report should no longer be relied on. 
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Any notification to parties other than the client should be as precise and factual as possible, and 
should contain a description of the effect the discovered information would have had on the 
accountant's report on the financial statements. 


If the client has refused to cooperate, and as a result the accountants were unable to conduct 
an adequate investigation of the information, the accountants' disclosure need only state that 
information has come to their attention and that, if the information is true, their report should 
no longer be relied on or be associated with the financial statements. 


The accountants should use their professional judgment in the circumstances described above, 
and it may be advisable to consult legal counsel. 


5 Reporting Fraud and Noncompliance With Laws 
and Regulations 


In a SSARS (Statements on Standards for Accounting and Review Services) engagement, if an 
accountant becomes aware that fraud or noncompliance with laws and regulations may have 
occurred, such matters should be communicated to an appropriate level of management. 
Management should be asked to consider the effect of the fraud or noncompliance with laws 
and regulations on the financial statements. The accountant should consider the impact of the 
matter on the compilation or review report. When the accountant believes that the financial 
statements are materially misstated, the accountant should obtain additional or revised 
information. If the entity will not provide additional or revised information, the accountant 
should withdraw from the engagement. 


=  Inconsequential Matters: Inconsequential matters need not be communicated. 


= Documentation: Communication may be made in writing or orally, but oral 
communications should be documented. 


= Other Options: The accountant should consider withdrawing or consulting legal counsel if 
fraud or noncompliance with laws and regulations involve an owner of the business. 


= Confidentiality: Obligations of confidentiality preclude disclosure outside the entity, 
except in certain limited circumstances (e.g., legal/regulatory requirements, successor 
accountant, subpoena). 
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Preparation 
Engagements 


1 Preparation of Financial Statements 


The objective of the accountant in a preparation engagement is to prepare financial statements 
in accordance with a specified financial reporting framework. 


Accountants should follow SSARS standards on preparation engagements when they are 
engaged to prepare financial statements. Preparation standards do not apply when an 
accountant prepares financial statements and: 


=m is engaged to perform an audit, review, or compilation of those financial statements; 
= solely for submission to taxing authorities; 

= for inclusion in written personal financial plans prepared by the accountant; 

a 


in conjunction with litigation services that involve pending or potential legal or regulatory 
proceedings; or 


= in conjunction with business valuation services. 


Ve Pass Key 


An engagement to prepare financial statements is a non-attest service and does not 
require a determination about whether the accountant is independent of the entity. 


1.1. Establishing an Understanding With the Client 


The accountant should establish an understanding with management and, when appropriate, 
those charged with governance, regarding the services to be performed for the preparation 
engagement and should document the understanding in an engagement letter. 


The understanding with management should include: 
=m The objectives of the engagement. 
m Management's responsibilities. 


m The agreement of management that each page of the financial statements will include 
a statement indicating that no assurance is provided on the financial statements or the 
accountant will be required to issue a disclaimer that makes clear that no assurance is 
provided on the financial statements. 


=m The accountant's responsibilities. 


= The limitations of the engagement. 
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= Identification of the applicable financial reporting framework. 


m= Whether the financial statements are to contain a known departure or departures from 
the applicable financial reporting framework (including inadequate disclosure) or omit 
substantially all disclosures required by the applicable financial reporting framework. 


The engagement letter or other suitable form of written agreement should be signed by the 
accountant or the accountant's firm and management or those charged with governance, 
as appropriate. 


1.1.1 Sample: Preparation Engagement Letter 


[Appropriate representative of management of ABC Company] 


You have requested that we prepare the financial statements of ABC Company, which 
comprise the balance sheet as of December 31, 20XX, and the related statements of 
income, changes in stockholders’ equity, and cash flows for the year then ended and 
the related notes to the financial statements. We are pleased to confirm our acceptance 
and our understanding of this engagement to prepare the financial statements of ABC 
Company by means of this letter. 


Our Responsibilities 


The objective of our engagement is to prepare financial statements in accordance with 
accounting principles generally accepted in the United States of America based on 
information provided by you. We will conduct our engagement in accordance with 
Statements on Standards for Accounting and Review Services (SSARS) promulgated by the 
Accounting and Review Services Committee of the AICPA and comply with the AICPA's Code 
of Professional Conduct, including the ethical principles of integrity, objectivity, professional 
competence, and due care. 


We are not required to, and will not, verify the accuracy or completeness of the information 
you will provide to us for the engagement or otherwise gather evidence for the purpose 

of expressing an opinion or a conclusion. Accordingly, we will not express an opinion or a 
conclusion or provide any assurance on the financial statements. 


Our engagement cannot be relied upon to identify or disclose any financial statement 
misstatements, including those caused by fraud or error, or to identify or disclose any 
wrongdoing within the entity or noncompliance with laws and regulations. 


Management Responsibilities 


The engagement to be performed is conducted on the basis that management 
acknowledges and understands that our role is the preparation of the financial statements 
in accordance with the accounting principles generally accepted in the United States of 
America. Management has the following overall responsibilities that are fundamental to 
our undertaking this engagement, in accordance with SSARS, to prepare your financial 
statements: 


a. The selection of accounting principles generally accepted in the United States of 
America as the financial reporting framework to be applied in the preparation of the 
financial statements. 


b. The prevention and detection of fraud. 


(continued) 
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(continued) 


To ensure that the entity complies with the laws and regulations applicable to its activities. 


d. The accuracy and completeness of the records, documents, explanations, and other 
information, including significant judgments, you provide to us for the engagement to 
prepare financial statements. 


e. To provide us with: 


1. Documentation, and other related information that is relevant to the preparation 
and presentation of the financial statement; 


2. Additional information that may be requested for the purpose of the preparation 
of the financial statements; and 


3. Unrestricted access to persons within ABC Company to whom we determine 
necessary to communicate. 


The financial statements will not be accompanied by a report. However, you agree that the 
financial statements will clearly indicate that no assurance is provided on them. 


[/f the accountant expects to issue a disclaimer, instead of the preceding paragraph, the following 
may be added: As part of our engagement, we will issue a disclaimer that will state that the 
financial statements were not subjected to an audit, review, or compilation engagement by us, 
and accordingly, we do not express an opinion, a conclusion, nor provide any assurance on them.] 


Other Relevant Information 
Our fees for these services .... 


[The accountant may include language, such as the following, regarding limitation of, or other 
arrangements regarding, the liability of the accountant or the entity, such as indemnification 
to the accountant for liability arising from knowing misrepresentations to the accountant by 
management (regulators may restrict or prohibit such liability limitation arrangements): 


You agree to hold us harmless and to release, indemnify, and defend us from any liability or 
costs, including attorney's fees, resulting from management's knowing misrepresentations to us.] 


Please sign and return the attached copy of this letter to indicate your acknowledgment of, and 
agreement with, the arrangements for our engagement to prepare the financial statements 
described herein, and our respective responsibilities. 


Sincerely yours, 


[Signature of accountant or accountant's firm] 


Acknowledged and agreed on behalf of ABC Company by: 


[Name, title, and date] 
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2 Preparation Requirements 


The following performance requirements are applicable to a preparation. 


2.1 Possess Knowledge of and Understanding 
of the Entity's Financial Reporting Framework 


The accountant should obtain an understanding of the financial reporting framework and 

the significant accounting policies intended to be used in the preparation of the financial 
statements. This does not prevent accountants from accepting engagements in an industry in 
which the accountants have no previous experience. However, the accountants are responsible 
for gaining the required level of knowledge. 


2.2 Prepare the Financial Statements 


The accountant should prepare the financial statements using the records, documents, 
explanations, and other information provided by management. 


If, during the preparation of the financial statements, the accountant assists management 
with significant judgments regarding amounts or disclosures to be reflected in the financial 
statements, the accountant should discuss those judgments with management so that 
management understands and accepts responsibility for those judgments. 


The accountant should ensure that a statement is included on each page of the financial 
statements indicating that "no assurance is provided" on the financial statements. The 
accountant or accountant's firm name is not required to be included in prepared financial 
statements. Examples of statements that would be placed on each page of the financial 
statement include: 


=m No assurance is provided on these financial statements. 


= These financial statements have not been subjected to an audit, review, or compilation 
engagement, and no assurance is provided on them. 


Other statements that convey that no assurance is provided on the financial statements are 
also acceptable. 


If the accountant is unable to include a statement on each page of the financial statements, the 
accountant should do one of the following: 


= issue a disclaimer that makes clear that no assurance is provided on the financial statements; 
= perform a compilation engagement; or 


= withdraw from the engagement and inform management of the reasons for withdrawing. 
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2.2.1 Sample Report: Disclaimer on Preparation of Financial Statements 


The accompanying financial statements of XYZ Company as of and for the year 
ended December 31, 20XX, were not subjected to an audit, review, or compilation 
engagement by us, and accordingly, we do not express an opinion, a conclusion, 
nor provide any assurance on them. 


[Signature of accounting firm or accountant, as appropriate] 
[Accountant's city and state] 
[Date] 


3 Other Preparation Considerations 


3.1. Financial Statements Prepared With a Special Purpose Framework 


The accountant should include a description of the financial reporting framework on the face 
of the financial statements or in a note to the financial statements when preparing financial 
statements in accordance with a special purpose framework. 


3.2. Inaccurate or Incomplete Financial Statements 


Accountants are not required to, but may, make inquiries or perform other procedures to verify, 
corroborate, or review the information supplied by the client. However, if they discover the 
information is incorrect, incomplete, or unsatisfactory, they should obtain additional or revised 
information from the client. 


If, after discussion with management, the accountant prepares financial statements that 
contain a known departure or departures from the applicable financial reporting framework, 
the accountant should disclose the material misstatement or misstatements in the financial 
statements or withdraw from the engagement and inform management of the reasons 

for withdrawing. 


3.3. Financial Statements That Omit Substantially All Disclosures 


If requested by the client, an accountant may prepare financial statements that omit 
substantially all disclosures required by the applicable financial reporting framework (but are 
otherwise in conformity with the financial reporting framework). The accountant may prepare 
these statements provided: 


= The accountant discloses such omission either in the financial statements or in an 
accompanying disclaimer. 


= Inthe accountant's professional judgment, such financial statements would not be 
misleading to users of the financial statements. 


If the accountant concludes that limited disclosure is acceptable and if the financial statements 
include only limited notes, the notes may be labeled as follows: 


Selected Information—Substantially All Disclosures Required by [the applicable financial 
reporting framework] Are Not Included. 
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4 Documentation in a Preparation Engagement 


Documentation provides the support that the accountant complied with SSARS when performing 
the preparation engagement. Documentation should provide clear detail of the work performed. 
The form and content of the documentation depends on the engagement, the methodology and 
tools, and the accountant's professional judgment. 


Documentation should include: 

m The engagement letter. 

= Acopy of the financial statements prepared by the accountant. 
=m Any significant findings or issues. 

Other Information that may be included in documentation includes: 


= Oral or written communications with management regarding fraud or noncompliance with 
laws and regulations that came to the accountant's attention. 


= If, in rare circumstances, the accountant judges it necessary to depart from a relevant 
presumptively mandatory requirement, the justification for the departure and how the 
alternative procedures performed in the circumstances were sufficient to achieve the intent 
of that requirement. 
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1 Compilation of Financial Statements 


A compilation of financial statements is a service, the objective of which is to apply accounting 
and financial reporting expertise to assist management in the presentation of financial 
statements without undertaking to obtain or provide any assurance on the financial statements. 


Because a compilation engagement is not an assurance engagement, a compilation engagement 
does not require the accountant to verify the accuracy or completeness of the information 
provided by management or otherwise gather evidence to express an opinion or a conclusion 
on the financial statements. 


1.1 Establishing an Understanding With the Client 


The accountant should establish an understanding with management and, when appropriate, 
those charged with governance, regarding the services to be performed for the compilation 
engagement and should document the understanding in an engagement letter. 


The understanding with management should include: 
=m The objectives of the engagement. 

m Management's responsibilities. 

=m The accountant's responsibilities. 
a 


The limitations of the engagement, including a statement that the engagement cannot be 
relied upon to disclose errors, fraud, or noncompliance with laws and regulations. 


Identification of the applicable financial reporting framework. 


=m The expected form and content of the accountant's compilation report, and a statement that 
there may be circumstances in which the report may differ from its expected form and content. 


The engagement letter or other suitable form of written agreement should be signed by the 
accountant or the accountant's firm and management or those charged with governance, 
as appropriate. 


1.1.1 Sample: Compilation Engagement Letter 


[Appropriate representative of management of ABC Company] 


You have requested that we prepare the financial statements of ABC Company, which 
comprise the balance sheet as of December 31, 20XX, and the related statements of 
income, changes in stockholder's equity, and cash flows for the year then ended and the 
related notes to the financial statements. We are pleased to confirm our acceptance and 
our understanding of this engagement by means of this letter. 


(continued) 
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(continued) 


Our Responsibilities 
The objective of our engagement is to: 


a. prepare financial statements in accordance with accounting principles generally 
accepted in the United States of America based on information provided by you; and 


b. apply accounting and financial reporting expertise to assist you in the presentation 
of financial statements without undertaking to obtain or provide any assurance that 
there are no material modifications that should be made to the financial statements 
in order for them to be in accordance with accounting principles generally accepted in 
the United States of America. 


We will conduct our engagement in accordance with Statements on Standards for 
Accounting and Review Services (SSARS) promulgated by the Accounting and Review 
Services Committee of the AICPA and comply with the AICPA's Code of Professional 
Conduct, including the ethical principles of integrity, objectivity, professional competence, 
and due care. 


We are not required to, and will not, verify the accuracy or completeness of the information 
you will provide to us for the engagement or otherwise gather evidence for the purpose 

of expressing an opinion or a conclusion. Accordingly, we will not express an opinion or a 
conclusion or provide any assurance on the financial statements. 


Our engagement cannot be relied upon to identify or disclose any financial statement 
misstatements, including those caused by fraud or error, or to identify or disclose any 
wrongdoing within the entity or noncompliance with laws and regulations. 


Management Responsibilities 


The engagement to be performed is conducted on the basis that management 
acknowledges and understands that our role is to prepare financial statements in 
accordance with the accounting principles generally accepted in the United States of 
America and assist you in the presentation of the financial statements in accordance with 
accounting principles generally accepted in the United States of America. Management 
has the following overall responsibilities that are fundamental to our undertaking the 
engagement in accordance with SSARS: 


a. The selection of accounting principles generally accepted in the United States of 
America as the financial reporting framework to be applied in the preparation of the 
financial statements. 


b. The preparation and fair presentation of financial statements in accordance with 
accounting principles generally accepted in the United States of America. 


c. The design, implementation, and maintenance of internal control relevant to the 
preparation and fair presentation of the financial statements. 


d. The prevention and detection of fraud. 


e. To ensure that the entity complies with the laws and regulations applicable to its activities. 


(continued) 
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(continued) 


f. To make all financial records and related information available to us. 


g. The accuracy and completeness of the records, documents, explanations, and other 
information, including significant judgments, you provide to us for the engagement to 
prepare financial statements. 


Management is also responsible for all management decisions and responsibilities and for 
designating an individual with suitable skills, knowledge, and experience to oversee our 
preparation of your financial statements. You are responsible for evaluating the adequacy 
and results of services performed and accepting responsibility for such services. 


Our Report 


As part of our engagement, we will issue a report that will state that we did not audit or 
review the financial statements and, that, accordingly, we do not express an opinion, a 
conclusion, nor provide any assurance on them. 


You agree to include our accountant's compilation report in any document containing 
financial statements that indicates that we have performed a compilation engagement on 
such financial statements and, prior to inclusion of the report, to ask our permission to do so. 


Other Relevant Information 
Our fees for these services... . 


[The accountant may include language, such as the following, regarding limitation of or other 
arrangements regarding the liability of the accountant or the entity, such as indemnification 
to the accountant for liability arising from knowing misrepresentations to the accountant by 
management (regulators may restrict or prohibit such liability limitation arrangements): 


You agree to hold us harmless and to release, indemnify, and defend us from any liability or 
costs, including attorney's fees, resulting from management's knowing misrepresentations to us.] 


Please sign and return the attached copy of this letter to indicate your acknowledgment 
of, and agreement with, the arrangements for our engagement to prepare the financial 
statements described herein and to perform a compilation engagement with respect to 
those financial statements, and our respective responsibilities. 


Sincerely yours, 


[Signature of accountant or accountant's firm] 


Acknowledged and agreed on behalf of ABC Company by: 


[Name, title, and date] 
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2 Compilation Requirements 


The following performance requirements are applicable to a compilation. 


2.1 Knowledge of Industry Accounting Principles and Practices 


Accountants should possess adequate knowledge of the accounting principles and practices 

of a client's industry to enable them to compile financial statements in an appropriate form. 
This does not prevent accountants from accepting engagements in an industry in which the 
accountants have no previous experience. However, the accountants are responsible for gaining 
the required level of knowledge. 


2.2 Reading the Financial Statements 


Before issuing a report, accountants should read the compiled financial statements and consider 
whether they are appropriate in form and free from obvious material errors. The term "error" 
refers to arithmetical and clerical mistakes, as well as to mistakes related to the applicable 
financial reporting framework. 


2.3. Noncompliance With Laws and Regulations, Going Concern, 
and Subsequent Events 


If an accountant becomes aware that noncompliance with laws and regulations may have 
occurred, that there is a going concern uncertainty, or that a subsequent event has occurred, he 
or she should request management to consider the effect on the financial statements, evaluate 
management conclusions, and consider the effect of the matter on the compilation report. 


2.4 Financial Statements That May Be Inaccurate or Incomplete 


Accountants are not required to, but may, make inquiries or perform other procedures to verify, 
corroborate, or review the information supplied by the client. However, if they discover the 
information is incorrect, incomplete, or unsatisfactory, they should obtain additional or revised 
information from the client. If the client refuses to provide such information, the accountants 
should withdraw from the compilation engagement. 


If, in the course of the engagement, the accountant becomes aware that the records, 
documents, explanations, or other information, including significant judgments, provided by 
management are incomplete, inaccurate, or otherwise unsatisfactory, the accountant should 
bring that to the attention of management and request additional or corrected information. 


The accountant should withdraw from the engagement and inform management of the reasons 
for withdrawing if the accountant is unable to complete the engagement because management 
has failed to provide records, documents, explanations, or other information, including 
significant judgments, as requested, or management does not make appropriate revisions 

that are proposed by the accountant or does not disclose such departures in the financial 
statements, and the accountant determines to not disclose such departures in the accountant's 
compilation report. 
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2.5 Documentation in a Compilation Engagement 


Documentation provides the support that the accountant complied with SSARS when performing 
the compilation engagement. Documentation should include: 


m The engagement letter. 

= Acopy of the financial statements. 

= Acopy of the accountant's report. 

Other information that may be included in the documentation includes: 
=m Any significant findings or issues, including the following: 


e Results of compilation procedures indicating that the financial statements could be 
materially misstated and the actions taken to address these findings. 


e The resolution of questions and concerns raised during compilation procedures. 


= Oral or written communications with management regarding fraud or noncompliance with 
laws and regulations that came to the accountant's attention. 


3 Reporting on a Compilation 


3.1 Overview 


The report is the method by which the accountant communicates the extent of the responsibility 
assumed for the financial statements. An accountant may issue a compilation report when the 
accountant has complied with the standards for a compilation. 


The accountant's report in a compilation engagement should be in writing and: 
=m Include a statement that management is responsible for the financial statements. 
= Identify the financial statements that have been subjected to the compilation engagement. 


= Identify the entity for which financial statements have been subjected to the compilation 
engagement. 


=m Specify the date or period covered by the financial statements. 


= Include a statement that the accountant performed the compilation engagement in 
accordance with SSARS promulgated by the Accounting and Review Services Committee 
of the AICPA. 


=m Include a statement that the accountant did not audit or review the financial statements 
nor was the accountant required to perform any procedures to verify the accuracy or 
completeness of the information provided by management, and, accordingly, does not 
express an opinion, a conclusion, nor provide any assurance on financial statements. 


= Include the signature of the accountant or the accountant's firm. 


=m Include the city and state where the accountant practices (this may be indicated in 
the letterhead). 


= Include the date of the report. 
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Additional paragraphs are required when: 

=m Financial statements are prepared in accordance with a special purpose framework. 
Disclosures are omitted. 

The accountant is not independent. 


There are known departures from the applicable financial reporting framework. 


The financial statements include supplementary information. 


3.2 Additional Requirements 


Each page of the statements should be marked "see Accountant's Compilation Report" or "see 
Independent Accountant's Compilation Report." 


SSARS do not require that the compilation report be printed on the accountant's letterhead. The 
signature of the accountant or the accountant's firm may be manual, printed, or digital. 


At the accountant's discretion, a separate paragraph of the report may be used to emphasize 
any matter already disclosed in the financial statements, such as going concern issues or 
subsequent events. 


3.2.1 Sample Report: Standard Compilation Report 


Management is responsible for the accompanying financial statements of XYZ Company, 
which comprise the balance sheets as of December 31, 20X2 and 20X1, and the related 
statements of income, changes in stockholders' equity, and cash flows for the years then 
ended, and the related notes to the financial statements in accordance with accounting 
principles generally accepted in the United States of America. We have performed 
compilation engagements in accordance with Statements on Standards for Accounting 
and Review Services promulgated by the Accounting and Review Services Committee 

of the AICPA. We did not audit or review the financial statements nor were we required 
to perform any procedures to verify the accuracy or completeness of the information 
provided by management. Accordingly, we do not express an opinion, a conclusion, nor 
provide any form of assurance on these financial statements. 


[Signature of accounting firm or accountant] 
[Accountant's city and state] 
[Date] 
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3.3. Reporting on Financial Statements That Are Prepared 
in Accordance With a Special Purpose Framework 


If management has a choice of financial reporting frameworks in the preparation of the special 
purpose financial statements, the explanation of management's responsibility for the financial 
statements also makes reference to its responsibility for determining that the applicable 
financial reporting framework is acceptable in the circumstances. A compilation report 
prepared in accordance with a special purpose framework should also include an additional 
paragraph that: 


= indicates that the financial statements are prepared in accordance with the applicable 
special purpose framework, refers to the note to the financial statements that describes the 
framework (if notes are included), and states that the special purpose framework is a basis 
of accounting other than GAAP. 


= if prepared in accordance with a contractual basis of accounting, states that, as a result, the 
financial statements may not be suitable for another purpose. 


3.4 Reporting on Financial Statements 
That Omit Substantially All Disclosures 


Similar to a preparation, if requested by the client, an accountant may compile financial 
statements that omit substantially all disclosures required by the applicable financial reporting 
framework (but are otherwise in conformity with the financial reporting framework). The 
accountant may compile these statements provided: 


=m The accountant's report clearly indicates the omission by including an additional paragraph 
disclosing such omissions. This paragraph should state that if the disclosures were 
included, they might influence the user's conclusions, and should indicate that the financial 
statements are not designed for those who are uninformed about the omitted disclosures. 


m= Inthe accountant's professional judgment, the financial statements would not be misleading 
to users. 


Y gs Pass Key 


The omission of one or more notes, when substantially all other disclosures are presented, 
should be treated in a compilation report like any other departure from the applicable 
financial reporting framework. 


Jones Retailing, a nonpublic entity, has asked Winters, CPA, to compile financial statements 
that omit substantially all disclosures required by generally accepted accounting principles 
(but are otherwise in conformity with GAAP). Winters may compile such financial 
statements provided the omission is not misleading the users of the financial statements 
and is properly disclosed in the accountant's report. 
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L Pass Key 


Compiled financial statements that omit GAAP disclosures are acceptable if the: 


e Financial statements are otherwise in conformity with GAAP. 
e The financial statements would not be misleading to users. 


e Compilation report warns the user of missing disclosures. 


3.4.1 Sample Report: Compilation Report on Financial Statements 
That Omit Substantially All Disclosures 


Management is responsible for the accompanying financial statements of XYZ Partnership, 
which comprise the statements of assets, liabilities, and partners’ capital tax basis as of 
December 31, 20X2 and 20X1, and the related statements of revenue and expenses tax basis, 
and changes in partners’ capital tax basis for the years then ended in accordance with the 
tax basis of accounting, and for determining that the tax basis of accounting is an acceptable 
financial reporting framework. We have performed compilation engagements in accordance 
with Statements on Standards for Accounting and Review Services promulgated by the 
Accounting and Review Services Committee of the AICPA. We did not audit or review 

the financial statements nor were we required to perform any procedures to verify the 
accuracy or completeness of the information provided by management. Accordingly, we 
do not express an opinion, a conclusion, nor provide any form of assurance on these 
financial statements. 


The financial statements are prepared in accordance with the tax basis of accounting, which is 
a basis of accounting other than accounting principles generally accepted in the United States 
of America. 


Management has elected to omit substantially all the disclosures required by [the applicable 
financial reporting framework]. If the omitted disclosures were included in the financial 
statements, they might influence the user's conclusions about the company's financial position, 
results of operations, and cash flows. Accordingly, the financial statements are not designed for 
those who are not informed about such matters. 


[Signature of accounting firm or accountant] 
[Accountant's city and state] 
[Date] 
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3.5 Departures From the Applicable Financial Reporting Framework 


Departures from the applicable financial reporting framework should be disclosed in a separate 
paragraph of the report and should include disclosure of the effects of the departure on the 
financial statements (if known). If the accountant believes that disclosure in the report would not 
be adequate to indicate the deficiencies in the financial statements, he or she should withdraw 
from the engagement and provide no further services with respect to those financial statements. 


3.5.1 Sample Report: Compilation Report With Departures From U.S. GAAP 


Management is responsible for the accompanying financial statements of XYZ Company, 
which comprise the balance sheets as of December 31, 20X2 and 20X1, and the related 
statements of income, changes in stockholders' equity, and cash flows for the years then 
ended, and the related notes to the financial statements in accordance with accounting 
principles generally accepted in the United States of America. | (We) have performed 
compilation engagements in accordance with Statements on Standards for Accounting and 
Review Services promulgated by the Accounting and Review Services Committee of the 
AICPA. | (We) did not audit or review the financial statements nor was (were) | (we) required 
to perform any procedures to verify the accuracy or completeness of the information 
provided by management. Accordingly, | (we) do not express an opinion, a conclusion, nor 
provide any form of assurance on these financial statements. 


Accounting principles generally accepted in the United States of America require that land 

be stated at cost. Management has informed me (us) that XYZ Company has stated its land 
at appraised value and that if accounting principles generally accepted in the United States 
of America had been followed, the land account and stockholders' equity would have been 
decreased by $500,000. 


[Signature of accounting firm or accountant] 


[Accountant's city and state] 
[Date] 


Ve Pass Key 


The accountant should not modify the compilation report to include a statement 
that the financial statements are not in conformity with the applicable financial 
reporting framework. 


The accountant is precluded from including a statement that the financial statements 
are not in conformity with the applicable financial reporting framework because such 
a statement would be tantamount to expressing an adverse opinion on the financial 
statements as a whole. Such an opinion can be expressed only in the context of an 
audit engagement. 
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3.6 Reporting When Not Independent: Disclosure Required 


An accountant who is not independent with respect to an entity may compile financial 
statements for such an entity and issue a report. The last paragraph of the report should 
disclose this lack of independence. The accountant is permitted, but not required, to disclose the 
reason(s) for the independence impairment in the report. If the accountant chooses to disclose 
the reason, all reasons must be included in the disclosure. 


3.6.1 Sample Report: Compilation Report Where Accountant Is Not Independent 


Management is responsible for the accompanying financial statements of XYZ Company, 
which comprise the balance sheets as of December 31, 20X2 and 20X1 and the related 
statements of income, changes in stockholders' equity, and cash flows for the years then 
ended, and the related notes to the financial statements in accordance with accounting 
principles generally accepted in the United States of America. | (We) have performed 
compilation engagements in accordance with Statements on Standards for Accounting and 
Review Services promulgated by the Accounting and Review Services Committee of the 
AICPA. | (We) did not audit or review the financial statements nor was (were) | (we) required 
to perform any procedures to verify the accuracy or completeness of the information 
provided by management. Accordingly, | (we) do not express an opinion, a conclusion, nor 
provide any form of assurance on these financial statements. 


| am (we are) not independent with respect to XYZ Company. 


[Signature of accounting firm or accountant] 


[Accountant's city and state] 
[Date] 


Va Pass Key 


Compilation vs. Preparation 


The client's needs determine what kind of engagement (preparation or compilation) the 
accountant performs. 


The type of procedures to be performed are substantially the same. The biggest exception 
is that compilations require a report while preparation engagements do not. In addition, 
compilation engagements require the consideration of independence while preparation 
engagements do not. 
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4 Review Engagements 


1 ‘Review of Financial Statements 


A review is a higher level of service than a preparation or compilation because it results in an 
expression of limited assurance. The review report states that the accountant is not aware 

of any material modifications necessary for the statements to conform with the applicable 
financial reporting framework. Inquiry and analytical procedures provide the accountant with a 
reasonable basis for this conclusion. The accountant is not required to obtain an understanding 
of internal control or assess control risk. 


1.1 Accountant's Objective and Independence 


The objective of the accountant when performing a review of financial statements is to obtain 
limited assurance as a basis for reporting whether the accountant is aware of any material 
modifications that should be made to the financial statements for them to be in accordance with 
the applicable financial reporting framework, primarily through the performance of inquiry and 
analytical procedures. 


The accountant must be independent of the entity when performing a review of financial 
statements in accordance with SSARS. 


1.2 Review Procedures Should Be Tailored 


Review procedures should be tailored to the specific engagement. For example, if the 
accountant becomes aware of significant changes in operations, additional procedures would be 
considered. The following factors may affect the procedures performed: 


The nature and materiality of financial statement items 
The likelihood of misstatement 

Knowledge from current and previous engagements 
Qualifications of the entity's accounting personnel 


The extent to which an item is affected by management's judgment 


Inadequacies in the entity's underlying financial data 
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2 Review Requirements 


The performance requirements applicable to a review are: 
Understanding with client should be established 

Learn and/or obtain sufficient knowledge of the entity's business 
Inquiries should be addressed to appropriate individuals 
Analytical procedures should be performed 

Review—other procedures should be performed 

Client representation letter should be obtained from management 
Professional judgment should be used to evaluate results 


Accountant (CPA) should communicate results 


2.1 Understanding With the Client Should Be Established 


In order to reduce the likelihood of misunderstanding, the accountant should establish an 
understanding with management and, when appropriate, those charged with governance 
regarding the services to be performed and should document the understanding in the form of 
an engagement letter prior to performing the engagement. The understanding should include: 


=m The objectives of the engagement. 
m Management's responsibilities. 

=m The accountant's responsibilities. 
i 


The limitations of the engagement, including a statement that a review is substantially less 
in scope than an audit and that the accountant will not express an opinion on the financial 
statements. 


= Identification of the applicable financial reporting framework for the preparation of the 
financial statements. 


= The expected form and content of the accountant's review report and a statement that 
there may be circumstances in which the report may differ from its expected form and 
content. 


The engagement letter or other suitable form of written agreement should be signed by the 
accountant or the accountant's firm and management or those charged with governance, 
as appropriate. 


2.1.1 Sample: Review Engagement Letter 


[Appropriate representative of management of ABC Company] 


You have requested that we prepare the financial statements of ABC Company, which 
comprise the balance sheet as of December 31, 20XX, and the related statements of 
income, changes in stockholder's equity, and cash flows for the year then ended and 

the related notes to the financial statements and perform a review with respect to those 
financial statements. We are pleased to confirm our acceptance and our understanding of 
this engagement by means of this letter. 


(continued) 
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(continued) 


Our Responsibilities 
The objective of our engagement is to: 


a. prepare financial statements in accordance with accounting principles generally 
accepted in the United States of America based on information provided by you; and 


b. obtain limited assurance as a basis for reporting whether we are aware of any material 
modifications that should be made to the financial statements in order for the 
statements to be in accordance with accounting principles generally accepted in the 
United States of America. 


We will conduct our engagement in accordance with Statements on Standards for Accounting 
and Review Services (SSARS) promulgated by the Accounting and Review Services Committee 
of the AICPA and comply with the AICPA's Code of Professional Conduct, including the ethical 
principles of integrity, objectivity, professional competence, and due care. 


A review includes primarily applying analytical procedures to your financial data and making 
inquiries of company management. A review is substantially less in scope than an audit, the 
objective of which is the expression of an opinion regarding the financial statements as a 
whole. A review does not contemplate obtaining an understanding of the entity's internal 
control; assessing fraud risk; tests of accounting records by obtaining sufficient appropriate 
audit evidence through inspection, observation, confirmation, or the examination of source 
documents; or other procedures ordinarily performed in an audit. Accordingly, we will not 
express an opinion regarding the financial statements. 


Our engagement cannot be relied upon to identify or disclose any financial statement 
misstatements, including those caused by error or fraud, or to identify or disclose any 
wrongdoing within the entity or noncompliance with laws and regulations. However, we will 
inform the appropriate level of management of any material errors, and of any evidence or 
information that comes to our attention during the performance of our review procedures 
that indicates fraud may have occurred. In addition, we will report to you any evidence or 
information that comes to our attention during the performance of our review procedures 
regarding noncompliance with laws and regulations that may have occurred, unless they 
are clearly inconsequential. 


Your Responsibilities 


The engagement to be performed is conducted on the basis that management 
acknowledges and understands that our role is to prepare the financial statements in 
accordance with the accounting principles generally accepted in the United States of 
America and to obtain limited assurance as a basis for reporting whether we are aware of 
any material modifications that should be made to the financial statements in order for the 
statements to be in accordance with accounting principles generally accepted in the United 
States of America. You will have the following overall responsibilities that are fundamental 
to our undertaking the engagement in accordance with SSARS: 


a. The selection of accounting principles generally accepted in the United States of 
America as the financial reporting framework to be applied in the preparation of the 
financial statements. 


b. The preparation and fair presentation of financial statements in accordance with 
accounting principles generally accepted in the United States of America. 


c. The design, implementation, and maintenance of internal control relevant to the 
preparation and fair presentation of the financial statements. 


(continued) 


© Becker Professional Education Corporation. All rights reserved. Module 4 A6-29 


Review Engagements AUD 6 


A6-30 


(continued) 


The prevention and detection of fraud. 
To ensure that the entity complies with the laws and regulations applicable to its activities. 


To make all financial records and related information available to us. 


ma = 9 2 


The accuracy and completeness of the records, documents, explanations, and other 
information, including significant judgments, you provide to us for the engagement to 
prepare financial statements. 


h. To provide us with unrestricted access to persons within the entity of which we 
determine it necessary to make inquiries. 


i. To provide us, at the conclusion of the engagement, with a letter that confirms certain 
representations during the review. 


You are also responsible for all management decisions and responsibilities and for 
designating an individual with suitable skills, knowledge, and experience to oversee our 
preparation of your financial statements. You are responsible for evaluating the adequacy 
and results of services performed and accepting responsibility for such services. 


Our Report 


We will issue a written report upon completion of our review of ABC Company's financial 
statements. Our report will be addressed to the board of directors of ABC Company. We 
cannot provide assurance that an unmodified accountant's review report will be issued. 
Circumstances may arise in which it is necessary for us to report known departures from 
accounting principles generally accepted in the United States of America, add an emphasis- 
of-matter or other-matter paragraph(s), or withdraw from the engagement. If, for any 
reason, we are unable to complete the review of your financial statements, we will not issue 
a report on such statements as a result of this engagement. 


Other Relevant Information 
Our fees for these services... . 


[The accountant may include language, such as the following, regarding limitation of or other 
arrangements regarding the liability of the accountant or the entity, such as indemnification 
to the accountant for liability arising from knowing misrepresentations to the accountant by 
management (regulators may restrict or prohibit such liability limitation arrangements): 


You agree to hold us harmless and to release, indemnify, and defend us from any liability or 
costs, including attorney's fees, resulting from management's knowing misrepresentations to us.] 


Please sign and return the attached copy of this letter to indicate your acknowledgment 
of, and agreement with, the arrangements for our engagement to prepare the financial 
statements described herein and to perform a review of those same financial statements 
and our respective responsibilities. 


Sincerely yours, 


[Signature of accountant or accountant's firm] 


Acknowledged and agreed on behalf of ABC Company by: 


[Name, title, and date] 
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2.2 Learn and/or Obtain Sufficient Knowledge of the Entity's Business 


2.2.1 Knowledge of Accounting Principles and Practices of the Industry 


As in a compilation, the accountant must be familiar with the accounting principles common 
to the client's industry. Lack of experience in an industry does not preclude acceptance of an 
engagement, but the accountant is required to obtain appropriate knowledge. 


2.2.2 Understanding of Client's Business 


The accountant should possess an understanding of the client's business and the accounting 
principles and practices used by the client. This would ordinarily involve an understanding of the 
client's organization, its operating characteristics, and the nature of its assets, liabilities, equity, 
revenues, and expenses. 


2.2.3 Not Required 

The accountant is not required to: 

= Test Internal Control: An understanding of internal control is not required in a review. 
= Perform Audit Tests: No testing or audit procedures are required in a review. 


= Assess Fraud Risk: A fraud risk assessment is not required in a review, nor is the 
accountant required to perform procedures designed to detect material misstatement due 
to fraud or noncompliance with laws and regulations. 


If, however, an accountant becomes aware that fraud or noncompliance with laws 
and regulations may have occurred, he or she should consider the effect of the matter 
on the review report, and should request management to consider the effect on the 
financial statements. 


= Communicate With the Predecessor Accountant: The successor accountant may decide 
(but is not required) to communicate with the predecessor accountant regarding acceptance 
of the engagement and matters of continuing accounting significance. 


2.2.4 Designing Review Procedures 


The accountant should design the analytical procedures to be performed and the inquiries of 
management based on: 


1. the accountant's understanding of the industry; 
2. the accountant's knowledge of the client; and 


3. the risk that the accountant may unknowingly fail to modify the accountant's review report 
on financial statements that are materially misstated. 


The accountant should determine materiality for the financial statements as a whole and apply 
this materiality in designing the procedures and evaluating the results obtained from those 
procedures. The results of the accountant's inquiries and analytical procedures may modify the 
accountant's risk awareness. 
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2.3. Inquiries Should Be Addressed to Appropriate Individuals 


The accountant's inquiries within the client's organization should be directed to members of 
management with financial and accounting responsibilities, to assure that adequate responses 
are obtained. The accountant is generally not required to corroborate management's responses 
with other evidence. Inquiries should cover the following: 


= Accounting principles and practices used, and the method of applying them; 


= Procedures for recording, classifying, and summarizing transactions, and for accumulating 
information for disclosure in footnotes; 


m Whether the financial statements have been prepared and fairly presented in conformity 
with the applicable financial reporting framework, including how management determined 
that significant accounting estimates are reasonable in the circumstances; 


m Whether there have been changes in the entity's business activities or accounting principles 
and practices; 


= Matters as to which questions have arisen during the course of the review; 


Material subsequent events; 


= Significant transactions occurring or recognized during the period, particularly those near 
the end of the period; 

= The status of uncorrected misstatements from previous engagements; 

= Material fraud or suspected fraud or noncompliance with provisions of the law and regulations; 

= Significant journal entries and adjustments; 

= Communications from regulatory agencies; 

= Litigation, claims, and assessments; 

= Actions authorized by the stockholders, board of directors, or other management groups; 

= The entity's ability to continue as a going concern (and, if applicable, management's plans to 


mitigate the going concern issue); 


= Identification of related parties and related party transactions, including the purpose of 
those transactions; 


m Whether there are significant, unusual, or complex transactions, events, or matters that 
have affected or may affect the entity's financial statements; 


= Material commitments, contractual obligations, or contingencies that have affected or may 
affect the entity's financial statements, including disclosures; and 


= Material nonmonetary transactions or transactions for no consideration in the financial 
reporting period under consideration. 


Vi Pass Key 


The inquiries are of internal personnel, not of external people or entities. The examiners 
frequently have incorrect responses stating, "Make inquiries of outside ... ." 
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Ves Pass Key 


The accountant should consider the reasonableness and consistency of management's 
responses in light of the results of other review procedures and the accountant's 
knowledge of the entity's business. However, the accountant is not required to corroborate 
management's responses with other evidence. 


2.4 Analytical Procedures Should Be Performed 


Analytical procedures involve developing an expectation (based on plausible relationships) 
and comparing recorded amounts or ratios based on recorded amounts to that expectation. 
Although expectations are not as encompassing as those developed during an audit (and 
corroboration is not required), analytical procedures in a review should still be designed to 
detect relationships and individual items that appear to be unusual and may indicate material 
misstatement. These procedures consist of: 


= comparing the current financial statements with prior period financial statements, or 
current ratios with prior period ratios; 


comparing actual financial statements with budgets or forecasts, if available; 
comparing financial and relevant nonfinancial information; 


comparing the entity's ratios and indicators with those of other entities in the industry; 


comparing relationships among elements in the financial statements within the period and 
with corresponding prior period relationships; and 


= comparing disaggregated revenue data. 


Analytical procedures may be performed at the financial statement level or at the detailed 
account level. If the results of analytical procedures identify fluctuations or relationships that are 
inconsistent with other relevant information or that differ significantly from expected values, the 
accountant should investigate these differences by inquiring of management and performing 
other procedures as necessary. 


2.5 Review: Other Procedures 


During a review, the accountant should also: 


=m Read the financial statements for conformity with the applicable financial reporting 
framework. 


= Obtain reports of other accountants who have been engaged to audit or review significant 
components of the reporting entity. 


= Obtain evidence that the financial statements agree or reconcile with accounting records. 


= Remain alert for arrangement or information that may indicate the existence of related 
party relationships or transactions that management has not previously identified 
or disclosed. 
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m Evaluate the adequacy of any work performed by other accountants or experts. 


= Consider whether the going concern basis of accounting is appropriate, determine whether 
any substantial doubt exists, assess management's plans to alleviate any doubt, and 
evaluate the adequacy of related disclosures. 


m= Ifthe accountant becomes aware of a matter that may cause the financial statements to 
be materially misstated, the accountant should design and perform additional procedures 
to conclude on whether the matter causes the financial statements as a whole to be 
materially misstated. 


= If during the performance of review procedures the accountant becomes aware of 
information that is incorrect, incomplete, or otherwise unsatisfactory, the accountant should 
request that management consider the effect of these matters on the financial statements. 
The accountant should consider management's assessment of the matter and determine 
the effect, if any, on the accountant's review report. 


2.6 Client Representation Letter From Management Must Be Obtained 


The accountant is required to obtain a representation letter from management for all financial 
statements and periods covered by the review report, even if current management was not 
present during all such periods. The letter should be dated as of the date of the accountant's 
report. The letter should be addressed to the accountant and signed by the members of 
management responsible for and knowledgeable about the matters in the letter (generally the 
CEO and CFO). Management's failure to provide a representation letter results in an incomplete 
review (see below). 


Management's representations should include the following information: 


= Management has fulfilled its responsibility for the preparation and fair presentation of the 
financial statements in accordance with the applicable reporting framework. 


= Management acknowledges its responsibility for designing, implementing, and maintaining 
internal control relevant to the preparation and fair presentation of the financial statements, 
including its responsibility to prevent and detect fraud. 


= Management has provided the accountant with all relevant information and access to 
information, as agreed upon in the terms of the engagement. 


=m Management has responded fully and truthfully to all inquiries. 
= Alltransactions have been recorded and are reflected in the financial statements. 


= Management has disclosed its knowledge of fraud involving management, employees who 
have significant roles in internal control, or others, when the fraud could have a material 
effect on the financial statements. 


=m Management has disclosed its knowledge of any allegations or suspected fraud affecting the 
entity's financial statements. 


= Management has disclosed all known actual or possible instances of noncompliance 
with laws and regulations the effects of which should be considered when preparing 
financial statements. 


= Management has disclosed whether it believes that the effects of uncorrected 
misstatements are immaterial, individually and in aggregate, to the financial statements 
as a whole. (A summary of such items should be included in, or attached to, the 
written representation.) 
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=m Management has disclosed to the accountant all known actual or possible litigation, and has 
appropriately accounted for and disclosed such litigation and claims in accordance with the 
applicable financial reporting framework. 


= Management has disclosed whether it believes that significant assumptions used by it in 
making accounting estimates are reasonable. 


= Management has disclosed the identity of the entity's related parties and has appropriately 
accounted for and disclosed such relationships and transactions. 


= All events subsequent to the date of the financial statements that require adjustment or 
disclosure have been adjusted or disclosed. 


= Management has disclosed all information relevant to the use of the going concern 
assumption in the financial statements. 


= Management has disclosed additional representations related to matters specific to the 
entity's business and industry. 


If management does not provide the written representations, or the accountant concludes that 
there is cause to doubt management's integrity such that the written representations provided 

are not reliable, the accountant should discuss the matter with management and those charged 
with governance, as appropriate. 


If management does not provide the required representations or the accountant continues to 
doubt management's integrity, the accountant should withdraw from the engagement. 


2.6.1 Sample: Management Representation Letter 


Entity Letterhead 
[Date] 
To [the accountant] 


This representation letter is provided in connection with your review of the [identification 
of financial statements] of [name of entity] as of [dates] and for the [periods of review (for 
example, the years then ended)] for the purpose of obtaining limited assurance that there 
were no material modifications that should be made to the financial statements in order 
for the statements to be in conformity with [the applicable financial reporting framework (for 
example, accounting principles generally accepted in the United States of America)]. We confirm 
that we are responsible for the fair presentation of the financial statements in accordance 
with [the applicable financial accounting framework] and the selection and application of the 
accounting policies. 


Certain representations in this letter are described as being limited to matters that are 
material. Items are considered material, regardless of size, if they involve an omission or 
misstatement of accounting information that, in the light of surrounding circumstances, 
makes it probable that the judgment of a reasonable person using the information would 
be changed or influenced by the omission or misstatement. 


We represent, to the best of our knowledge and belief, [as of (date of the accountant's review 
report)] the following representations made to you during your review: 


(continued) 
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(continued) 


Financial Statements 


We acknowledge our responsibility for the preparation and fair presentation of the 
financial statements in accordance with [the applicable financial reporting framework 
(for example, accounting principles generally accepted in the United States of America)]. 


We acknowledge our responsibility and have fulfilled our responsibilities for 
the design, implementation and maintenance of internal control relevant to the 
preparation and fair presentation of the financial statements that are free from 
material misstatement whether due to fraud or error. 


We acknowledge our responsibility for the design, implementation, and maintenance 
of internal control to prevent and detect fraud. 


Significant assumptions used by us in making accounting estimates, including those 
measured at fair value, are reasonable. 


Related party relationships and transactions have been appropriately accounted for 
and disclosed in accordance with [the applicable financial reporting framework (for 
example, accounting principles generally accepted in the United States of America)]. 


Guarantees, whether written or oral, under which the company is contingently liable 
have been properly accounted for and disclosed in accordance with [the applicable 
financial reporting framework (for example, accounting principles generally accepted in the 
United States of America)]. 


Significant estimates and material concentrations known to management that are 
required to be disclosed in accordance with FASB ASC 275, Risks and Uncertainties, have 
been properly disclosed in accordance with the requirements of accounting principles 
generally accepted in the United States of America. [Significant estimates are estimates at the 
balance sheet date that could change materially within the next year. Concentrations refer to 
volumes of business, revenues, available sources of supply, or markets or geographic areas for 
which events could occur that would significantly disrupt normal finances within the next year.] 


All events subsequent to the date of the financial statements and for which [the 
applicable financial reporting framework (for example, accounting principles generally 
accepted in the United States of America)] requires adjustment or disclosure have been 
adjusted or disclosed. 


The effects of uncorrected misstatements are immaterial, both individually and in the 
aggregate, to the financial statements as a whole. 


The effects of all known actual or possible litigation and claims have been accounted 
for and disclosed in accordance with [the applicable financial reporting framework (for 
example, accounting principles generally accepted in the United States of America.)] 


Information Provided 


We have responded fully and truthfully to all inquiries made to us by you during 
your review. 


We have provided you with: 


e Access to all information, of which we are aware, that is relevant to the 
preparation and fair presentation of the financial statements, such as records, 
documentation, and other matters; 


(continued) 
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e Minutes of meetings of stockholders, directors, and committees of directors 
or summaries of actions of recent meetings for which minutes have not yet 
been prepared; 


e — Additional information that you have requested from us for the purpose of the 
review; and 


e — Unrestricted access to persons within the entity from which you determined it 
necessary to obtain review evidence. 


= All transactions have been recorded in the accounting records and are reflected in the 
financial statements. 


= We have no knowledge of any fraud or suspected fraud that affects the entity and involves: 
® management; 
© employees who have significant roles in internal control; or 
e — others, when fraud could have a material effect on the financial statements. 


= We have no knowledge of any allegations of fraud, or suspected fraud, affecting 
the entity's financial statements as a whole communicated by employees, former 
employees, analysts, regulators, or others. 


® We have no plans or intentions that may materially affect the carrying amounts or 
classification of assets and liabilities. 


= We have disclosed to you all known instances of noncompliance or suspected 
noncompliance with laws or regulations the effects of which should be considered 
when preparing financial statements. 


® We have disclosed to you all known actual or possible litigation and claims the effects 
of which should be considered when preparing the financial statements. 


= We have disclosed to you any other material liabilities or gain or loss contingencies 
that are required to be accrued or disclosed by FASB ASC 450, Contingencies. 


= We have disclosed to you the identity of the entity's related parties and all the related 
party relationships and transactions of which we are aware. 


= No material losses exist (such as from obsolete inventory or purchase or 
sale commitments) that have not been properly accrued or disclosed in the 
financial statements. 


® The company has satisfactory title to all owned assets, and no liens or encumbrances 
on such assets exist, nor has any asset been pledged as collateral, except as disclosed 
to you and reported on the financial statements. 


= We have complied with all aspects of contractual agreements that have a material 
effect on the financial statements in the event of noncompliance. 


= Weare in agreement with the adjusting journal entries you have recommended, and 
they have been posted to the company's accounts (if applicable). 


[Name of chief executive officer and title] 


[Name of chief financial officer and title] 
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2.7 Professional Judgment to Evaluate Results 


2.7.1. Incomplete Review 


Accountants must be able to perform whatever procedures they deem necessary, and if those 
procedures are not accomplished, the review is incomplete. A review that is incomplete will 
prevent the issuance of a review report. 


In such a situation, the accountant should consider whether the circumstances also prevent 
issuing a compilation report. 
2.7.2. Form and Content of Documentation 


Review engagement documentation provides support for the representation that the accountant 
performed the review in accordance with SSARS and a sufficient and appropriate record of the 
basis for the accountant's report. 


Documentation should be sufficient to provide a clear understanding of the work performed, 
including the nature, timing, and extent of review procedures performed, the review evidence 
obtained and its source, and the engagement conclusions. The accountant should document 
who performed the review procedures, the date work was completed, who reviewed the work 
performed for the purpose of quality control, and the date and extent of the review. 


= The form and content of documentation in a review should be designed to meet the needs 
of the particular engagement. 


= Written documentation from other types of engagements may be used to support the 
review report. 


= Documentation should include: 
e The engagement letter documenting the understanding with the client. 
e Significant matters, actions taken, and the basis for conclusions reached. 
e Matters about which the accountant has made inquiry and responses thereto. 


e Communications with management regarding the accountant's expectation to include 
an emphasis-of-matter or other-matter paragraph in the review report. 


e Communications with management, those charged with governance, and others 
regarding the review of significant matters arising during the engagement, including the 
nature of those matters. 


e — If information was identified that was inconsistent with the accountant's findings regarding 
significant matters affecting the financial statements, how the inconsistency was addressed. 


e Communications with other accountants that have audited or reviewed the financial 
statements of significant components. 


e The management representation letter. 


e  Acopy of the reviewed financial statements and the accountant's review report. 


Vie Pass Key 


The examiners frequently have incorrect responses to questions that suggest that audit 
test work, including testing of internal controls, is to be performed. 
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2.8 Accountant (CPA) Communicates Results 


The accountant's report in a review engagement should include: 


= Title: An appropriate title that includes the word "independent," such as "Independent 
Accountant's Review Report." 


= Addressee: The report should be addressed based on the circumstances of the 
engagement. 


= Introductory Paragraph: The introductory paragraph should: 
e Identify the entity. 
e State that the financial statements have been reviewed. 
e — Identify the financial statements. 
e Specify the date or period covered by the financial statements. 


e Include a statement that a review includes primarily applying analytical procedures to 
management's financial data and making inquiries of company management. 


e Include a statement that a review is substantially less in scope than an audit, the 
objective of which is the expression of an opinion regarding the financial statements as 
a whole, and that, accordingly, the accountant does not express such an opinion. 


= Management's Responsibility Paragraph: This paragraph should state that management 
is responsible for the preparation and fair presentation of the financial statements in 
accordance with the applicable financial reporting framework; this responsibility includes 
the design, implementation, and maintenance of internal control relevant to the preparation 
and fair presentation of financial statements that are free from material misstatement, 
whether due to fraud or error. 


= Accountant's Responsibility Paragraph: This paragraph should: 


e State that the accountant's responsibility is to conduct the review in accordance with 
SSARS promulgated by the Accounting and Review Services Committee of the AICPA. 


e State that those standards require the accountant to perform procedures to obtain 
limited assurance as a basis for reporting whether the accountant is aware of any 
material modifications that should be made to the financial statements for them to be 
in accordance with the applicable financial reporting framework. 


e State that the accountant believes that the results of the accountant's procedures 
provide a reasonable basis for the accountant's conclusion. 


e State that the accountant is required to be independent of the entity and to meet 
the accountant's other ethical responsibilities, in accordance with the relevant ethical 
requirements relating to the review. 


= Accountant's Conclusion Paragraph: This paragraph should include the accountant's 
conclusion on the financial statements and that identifies the country of origin of the 
financial reporting framework, if applicable. If the accountant issues a modified conclusion 
on the financial statements, include in the paragraph the modified conclusion and a 
description of the matters giving rise to the modification. 


Signature of Accountant 


City and State: This may be indicated in the letterhead rather than below the signature of 
the accountant. 


= Date of the Accountant's Report: This should be the date the accountant has obtained 
sufficient appropriate review evidence as the basis for the conclusion. 


= Each page of the statements should be marked, "see Independent Accountant's Review Report." 
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NOTES 
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5 Review Reports 


1 Reports on Review Engagements 


1.1 Accountant's Independence Required 


An accountant must be independent of the client to issue a review report on the financial 
statements of such a client. If the accountant determines that independence is impaired when 
performing the review engagement, the accountant should withdraw from the engagement. 


1.2 Forming Conclusions in a Review Engagement 


When forming a conclusion on the financial statements in a review engagement, the accountant 
should consider the financial statements as a whole to determine whether any modification to 
the conclusion in the auditor's report is appropriate. The accountant should do the following: 


= Evaluate whether the financial statements adequately refer to or describe the applicable 
financial reporting framework. 


= Consider whether, based on the requirements of the applicable financial reporting 
framework and the results of the procedures: 


e the terminology used, including financial statement titles, is appropriate; 


e the financial statements adequately disclose the significant accounting policies selected 
and applied and the accounting policies are consistent with the financial reporting 
framework; 


® accounting estimates made by management appear reasonable; 


e the information presented in the financial statements appears relevant, reliable, 
comparable, and understandable; and 


e the financial statements provide adequate disclosures to enable intended users to 
understand the effects of material transactions and events on the financial statements. 


= Consider the impact of uncorrected misstatements and qualitative aspects of the entity's 
accounting practices. 


= Consider the overall presentation, structure, and content of the financial statements, 
including whether the underlying transactions and events are presented fairly. 


1.2.1 Unmodified Conclusion 


The accountant should express an unmodified conclusion when limited assurance has been 
obtained that nothing has come to the auditor's attention that causes the accountant to believe 
that the financial statements are not prepared, in all material respects, in accordance with the 
applicable financial reporting framework. 
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1.2.2 Sample Report: Standard Review Report 
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Independent Accountant's Review Report 
[Appropriate addressee] 


| (We) have reviewed the accompanying financial statements of XYZ Company, which 
comprise the balance sheet as of December 31, 20XX, and the related statements of 
income, changes in stockholders’ equity, and cash flows for the year then ended, and the 
related notes to the financial statements. A review includes primarily applying analytical 
procedures to management's (owners') financial data and making inquiries of company 
management (owners). A review is substantially less in scope than an audit, the objective 
of which is the expression of an opinion regarding the financial statements as a whole. 
Accordingly, | (we) do not express such an opinion. 


Management's Responsibility for the Financial Statements 


Management (Owners) is (are) responsible for the preparation and fair presentation of 
these financial statements in accordance with accounting principles generally accepted in 
the United States of America; this includes the design, implementation, and maintenance 
of internal control relevant to the preparation and fair presentation of financial statements 
that are free from material misstatement whether due to fraud or error. 


Accountant's Responsibility 


My (Our) responsibility is to conduct the review engagement in accordance with Statements 
on Standards for Accounting and Review Services promulgated by the Accounting and 
Review Services Committee of the AICPA. Those standards require me (us) to perform 
procedures to obtain limited assurance as a basis for reporting whether | am (we are) 
aware of any material modifications that should be made to the financial statements for 
them to be in accordance with accounting principles generally accepted in the United States 
of America. | (We) believe that the results of my (our) procedures provide a reasonable 
basis for my (our) conclusion. 


We are required to be independent of XYZ Company and to meet our other ethical 
responsibilities, in accordance with the relevant ethical requirements related to our review. 


Accountant's Conclusion 


Based on my (our) review, | am (we are) not aware of any material modifications that should 
be made to the accompanying financial statements in order for them to be in accordance 
with accounting principles generally accepted in the United States of America. 

[Signature of accounting firm or accountant, as appropriate] 

[Accountant's city and state] 

[Date of the accountant's review report] 


AUD 6 
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1.2.3. Modified Conclusion 


The accountant should express a modified conclusion when the accountant determines, based 
on the procedures performed and the review evidence obtained, that the financial statements 
are materially misstated. 


= A qualified conclusion should be expressed when the accountant concludes that the 
effect of the matter giving rise to modification is material but not pervasive to the 
financial statements. 


=m An adverse conclusion should be expressed when the accountant concludes that the 
effect of the matter giving rise to the modification is both material and pervasive to the 
financial statements. 


1.2.4 Expressing a Qualified Conclusion in the Review Report 


When the accountant determines that a qualified conclusion is appropriate, the accountant 
should modify the review report to include: 


® aconclusion section with the heading "Qualified Conclusion"; and 


= adescription of the matter giving rise to the modification, under an appropriate heading 
such as "Basis for Qualified Conclusion." The section should be immediately before the 
conclusion paragraph. 


1.2.5 Sample Report: Review Report With a Qualified Conclusion 


Independent Accountant's Review Report 
[Appropriate addressee] 


| (We) have reviewed the accompanying financial statements of XYZ Company, which 
comprise the balance sheets as of December 31, 20X2 and 20X1, and the related 
statements of income, changes in stockholders' equity, and cash flows for the years then 
ended, and the related notes to the financial statements. A review includes primarily 
applying analytical procedures to management's (owners'’) financial data and making 
inquiries of company management (owners). A review is substantially less in scope than 
an audit, the objective of which is the expression of an opinion regarding the financial 
statements as a whole. Accordingly, | (we) do not express such an opinion. 


Management's Responsibility for the Financial Statements 


Management (Owners) is (are) responsible for the preparation and fair presentation of 
these financial statements in accordance with accounting principles generally accepted in 
the United States of America; this includes the design, implementation, and maintenance 
of internal control relevant to the preparation and fair presentation of financial statements 
that are free from material misstatement whether due to fraud or error. 


(continued) 
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(continued) 


Accountant's Responsibility 


My (Our) responsibility is to conduct the review engagements in accordance with 
Statements on Standards for Accounting and Review Services promulgated by the 
Accounting and Review Services Committee of the AICPA. Those standards require me 

(us) to perform procedures to obtain limited assurance as a basis for reporting whether 

| am (we are) aware of any material modifications that should be made to the financial 
statements for them to be in accordance with accounting principles generally accepted in 
the United States of America. | (We) believe that the results of my (our) procedures provide 
a reasonable basis for my (our) conclusion. 


We are required to be independent of XYZ Company and to meet our other ethical 
responsibilities, in accordance with the relevant ethical requirements related to 
our reviews. 


Basis for Qualified Conclusion 


As disclosed in Note X to these financial statements, accounting principles generally 
accepted in the United States of America require that inventory cost consist of material, 
labor, and overhead. Management has informed me (us) that the inventory of finished 
goods and work in process is stated in the accompanying financial statements at material 
and labor cost only, and that the effects of this departure from accounting principles 
generally accepted in the United States of America on financial position, results of 
operations, and cash flows have not been determined. 


Qualified Conclusion 


Based on my (our) reviews, except for the effect of the matter described in the Basis for 
Qualified Conclusion paragraph, | am (we are) not aware of any material modifications 
that should be made to the accompanying financial statements in order for them to be in 
accordance with accounting principles generally accepted in the United States of America. 
[Signature of accounting firm or accountant, as appropriate] 

[Accountant's city and state] 


[Date of the accountant's review report] 


1.2.6 Expressing an Adverse Conclusion in the Review Report 


When the accountant determines that an adverse conclusion is appropriate, the accountant 
should modify the review report to include: 


® aconclusion section with the heading "Adverse Conclusion"; and 


= adescription of the matter giving rise to the modification, under an appropriate heading 
such as "Basis for Adverse Conclusion." The section should be immediately before the 
conclusion paragraph. 
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1.2.7. Sample Report: Review Report With an Adverse Conclusion 


Independent Accountant's Review Report 
[Appropriate addressee] 


| (We) have reviewed the accompanying financial statements of XYZ Company, which 
comprise the balance sheet as of December 31, 20XX, and the related statements of 
income, changes in stockholders’ equity, and cash flows for the year then ended, and the 
related notes to the financial statements. A review includes primarily applying analytical 
procedures to management's (owners') financial data and making inquiries of company 
management (owners). A review is substantially less in scope than an audit, the objective 
of which is the expression of an opinion regarding the financial statements as a whole. 
Accordingly, | (we) do not express such an opinion. 


Management's Responsibility for the Financial Statements 


Management (Owners) is (are) responsible for the preparation and fair presentation of 
these financial statements in accordance with accounting principles generally accepted in 
the United States of America; this includes the design, implementation, and maintenance 
of internal control relevant to the preparation and fair presentation of financial statements 
that are free from material misstatement whether due to fraud or error. 


Accountant's Responsibility 


My (Our) responsibility is to conduct the review engagement in accordance with Statements 
on Standards for Accounting and Review Services promulgated by the Accounting and 
Review Services Committee of the AICPA. Those standards require me (us) to perform 
procedures to obtain limited assurance as a basis for reporting whether | am (we are) 
aware of any material modifications that should be made to the financial statements for 
them to be in accordance with accounting principles generally accepted in the United States 
of America. | (We) believe that the results of my (our) procedures provide a reasonable 
basis for my (our) conclusion. 


We are required to be independent of XYZ Company and to meet our other ethical 
responsibilities, in accordance with the relevant ethical requirements related to our review. 


Basis for Adverse Conclusion 


As disclosed in Note X to these financial statements, the Company has not consolidated 
the financial statements of subsidiary ABC Company it acquired during 20X1 because it has 
not yet been able to ascertain the fair values of certain of the subsidiary's material assets 
and liabilities at the acquisition date. This investment is therefore accounted for on a cost 
basis by the Company. Under accounting principles generally accepted in the United States 
of America, the subsidiary should have been consolidated because it is controlled by the 
Company. Had XYZ Company been consolidated, many elements in the accompanying 
consolidated financial statements would have been materially affected. The effects on the 
consolidated financial statements of the failure to consolidate have not been determined. 


Adverse Conclusion 


Based on my (our) review, due to the significance of the matter described in the Basis 
for Adverse Conclusion paragraph, the financial statements are not in accordance with 
accounting principles generally accepted in the United States of America. 

[Signature of accounting firm or accountant, as appropriate] 

[Accountant's city and state] 

[Date of the accountant's review report] 
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1.3. Emphasis-of-Matter Paragraph and Other-Matter Paragraphs 


In certain circumstances, the accountant is required to include an emphasis-of-matter or 
other-matter paragraph in the review report. Those circumstances include: 


m When management revises financial statements for a subsequently discovered fact that 
became known after the report release date and the review report on the revised financial 
statements differs from the original review report. 


=m When financial statements are prepared in accordance with a special purpose framework. 


=m With respect to a changed reference to a departure from the applicable financial reporting 
framework when reporting on comparative financial statements. 


=m When reporting on comparative financial statements when the prior period is audited. 


m When the accountant concludes that substantial doubt about the entity's ability to continue 
as a going concern for a reasonable time remains. 


= With respect to supplementary information that accompanies the reviewed financial 
statements and the accountant's review report. 


=m With respect to required supplementary information. 


At the accountant's discretion, an emphasis-of-matter paragraph may also be added to the 
report to discuss uncertainties or inconsistencies, or to emphasize any matter already disclosed 
in the financial statements, such as subsequent events, significant related party transactions, 

or changes in accounting principle. Emphasis-of-matter paragraphs draw users’ attention to a 
matter appropriately presented or disclosed in the financial statements. The emphasis-of-matter 
paragraph should include the paragraph within a separate section of the accountant's report 
with the heading "Emphasis of a Matter" or another appropriate heading. 


If the accountant considers it necessary to communicate a matter other than those that are 
presented or disclosed in the financial statements, then the accountant should include a 
paragraph within a separate section of the accountant's review report with the heading "Other 
Matter" or another appropriate heading. 


If the accountant expects to include an emphasis-of-matter or other-matter paragraph in the 
accountant's review report, the accountant should communicate with management regarding 
this expectation and the proposed wording of this paragraph. 


Va Pass Key 


Some emphasis-of-matter paragraphs that may be included at the discretion of the 
accountant include: 


e An uncertainty relating to the future outcome of unusually important litigation or 
regulatory action. 


e Amajor catastrophe that has had, or continues to have, a significant effect on the 
entity's financial position. 


e Significant transactions with related parties. 


e Unusually important subsequent events. 
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1.4 Reporting on Financial Statements That Are Prepared 
in Accordance With a Special Purpose Framework 


A review report prepared in accordance with a special purpose framework should: 


m= Make reference to management's responsibility for determining the applicable financial 
reporting framework. 


= Include an emphasis-of-matter paragraph, under an appropriate heading that indicates that 
the financial statements are prepared in accordance with the applicable special purpose 
framework, refers to the note to the financial statements that describes the framework, and 
states that the special purpose framework is a basis of accounting other than GAAP. 


= If prepared using the regulatory or contractual basis of accounting, include a description of 
the purpose for which the financial statements are prepared or refer to the appropriate 
note in the financial statements in the management's responsibility paragraph and include 
an other-matter paragraph, under an appropriate heading, restricting the use of the 
accountant's review report. 


The accountant should modify the review report when the accountant becomes aware that the 
financial statements do not include: 


= Adescription of the special purpose framework. 
= Asummary of significant accounting policies. 


m An adequate description about how the special purpose framework differs from GAAP. The 
effects of these differences need not be quantified. 


= Informative disclosures similar to those required by GAAP when the financial statements 
contain items that are the same as, or similar to, those in financial statements prepared in 
accordance with GAAP. 


1.5 Reference to the Work of Other Accountants 
in an Accountant's Review Report 


If the accountant of the reporting entity decides not to assume responsibility for the audit or 
review performed by other accountants, the accountant may make reference to any or all other 
accountants who audited or reviewed significant components, as long as the other accountant's 
report is not restricted. The decision is solely at the discretion and judgment of the accountant 
of the reporting entity. Reference to other accountants would occur in the accountant's 
responsibility paragraph and should indicate the portion of the financial statements audited or 
reviewed by the other accountants. 


1.6 Consideration of an Entity's Ability to Continue as a Going Concern 


The auditor should perform review procedures related to going concern if the applicable 
financial reporting framework includes requirements for management to evaluate the entity's 
ability to continue as a going concern or if the accountant becomes aware of conditions 

that raise substantial doubt about the entity's ability to continue as a going concern. This 
includes determining whether the going concern basis of accounting is appropriate, reviewing 
management's evaluation of going concern, inquiring about management's plan to mitigate 
those matters, and determining the adequacy of those disclosures. 
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If after considering conditions or events that raise substantial doubt about the entity's ability to 
continue as a going concern and management's plans, the accountant concludes that: 


= Going concern is alleviated—the accountant may, but is not required to, include an 
emphasis-of-matter paragraph. 


™ Going concern remains—the accountant should include a separate section in the review 
report with the heading "Substantial Doubt About the Entity's Ability to Continue as a Going 
Concern" that draws attention to the note in the financial statements that discusses the 
matter and states that the accountant's conclusion is not modified with respect to the matter. 


If the accountant determines that the entity's disclosures are inadequate, the accountant should 
express a qualified or adverse conclusion, as appropriate. 


Vas Pass Key 


An accountant may decide to restrict the use of a compilation or review report to certain 
specified parties (e.g., when the subject matter of the report is based on criteria other than 
GAAP or a special purpose framework). Because the accountant cannot control distribution 
of his or her report after issuance, the report itself should clearly state that it is intended to 
be used only by the identified parties. 


2 Reporting on Comparative Financial Statements 


When comparative financial statements are presented, the accountant's report should refer to 
each period for which financial statements are presented. 


2.1 Updating the Report 


When reporting on all periods presented, a continuing accountant should update the report on 
one or more prior periods presented on a comparative basis with those of the current period. 


When issuing an updated report, the continuing accountant should consider information that 
the accountant has become aware of during the engagement for the current period financial 
statements. 


If, during the current engagement, circumstances or events come to the accountant's attention 
that may affect the prior period financial statements presented, the accountant should consider 
the effects on the accountant's report. 


2.2  Period(s) in Question 


2.2.1 All Periods Compiled or Reviewed 


When the periods presented in comparative financial statements are either all compiled or all 
reviewed, a continuing accountant should update the report on the prior period and issue it as 
part of the current report. 


2.2.2 Current Period Reviewed and Prior Period Compiled 


When the continuing accountant performs a higher level of service in the current period, the 
report on the prior period(s) should be updated and issued as the last paragraph of the current 
period's report. 
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2.2.3 Current Period Compiled and Prior Period Reviewed 


In the event that accountants have reviewed the prior period statements but compiled the 
current period statements, they can do one of the following: 


1. Issue a compilation report and add a paragraph to the report on the current period 
statements. The added paragraph should describe the responsibility assumed for the 
prior period statements. This description should include the date of the original report 
and a statement that no review procedures were performed in connection with the review 
engagement after the date of the review report. 


2. Reissue the prior period review report. The reissued review report may be: 
e® combined with the current period compilation report; or 
e presented separately from the current period compilation report. 
If a combined report is used, the report should state: 


No review procedures were performed in connection with the review engagement 
after the date of the review report. 


2.2.4 Current Period Prepared and Prior Period Compiled or Reviewed 
In the event that accountants have compiled or reviewed the prior period statements but 
prepared the current period statements, there is no requirement to reference the prior period. 


2.3. Other Requirements 


2.3.1 Columnar Form 


Accountants may advise a client to include a clear indication when financial statements that 
have not been audited, reviewed, or compiled are presented in columnar form with financial 
statements on which an accountant has compiled the financial statements, so that a user does 
not inappropriately extend the accountant's compilation report to such financial statements. 


2.3.2 Omission of Required Disclosures 


Compiled financial statements that omit substantially all of the disclosures required by GAAP are 
not comparable to financial statements including such disclosures. The accountant should not 
issue a report on comparative financial statements when statements for one or more, but not 
all, of the periods presented omit substantially all of the disclosures required by GAAP. 


2.3.3. Information Affecting Previous Reports 


During the current engagement, an accountant may become aware of information that would 
have affected the report on the prior periods. In such a situation, a previous modification made 
to disclose a departure from GAAP (or another applicable financial reporting framework) may 
no longer be necessary, or a new modification to disclose a departure from GAAP (or another 
applicable financial reporting framework) may be required. 


An other-matter paragraph should be added to the prior period report that states: 
1. the date of the original report; 
2. that the statements of the prior period have been changed, if applicable; and 


3. the reason for the change in the original report. 


© Becker Professional Education Corporation. All rights reserved. Module 5 A6-49 


Review Reports AUD 6 


2.4 Other Accountants Involved in Prior Periods 


2.4.1 Predecessor Accountant's Compilation or Review Report Reissued Unchanged 


Predecessor accountants are not required to reissue their report on prior periods. If the 
predecessor accountants decide to reissue their report, they should: 


1. Decide if their report is still appropriate: 
e considering the current presentation of statements for the prior period; 
e based on subsequent events; and 
e — inlight of required modifications that may be necessary in their report. 
2. Perform the following procedures: 
e read the statements and the report of the current period; 
© compare the prior period statements with those issued previously and currently; and 


e obtain a letter from the successor accountants stating that they are not aware of any 
relevant information that might have a material effect on the prior period statements. 


If the predecessor accountants become aware of information that may affect the financial 
statements or their report, they should (i) perform the same procedures they would have 
performed during the previous engagement; and (ii) perform any additional procedures they 
deem necessary. 


Pass Key 


Whenever predecessor accountants are asked to reissue their prior report (audit, review, 
or compilation), they should read the new financial statements and obtain a representation 
letter from the new accountant. 


2.4.2 Predecessor's Report Not Reissued 


When the prior period financial statements have been subject to a compilation or review by a 
predecessor accountant and the predecessor's report is not presented, the successor is not 
required to make reference to the compilation or review report on the prior period financial 
statements. However, the successor accountant may (but is not required to) make reference to 
the report of the predecessor accountant in the current report or perform that level of service 
himself or herself. 


In making reference to the predecessor accountant's report, the successor accountants may 
expand the report by including an additional paragraph mentioning the following: 


= astatement that the prior periods were compiled or reviewed by other accountants (who 
are generally not named, unless the predecessor's and successor's practices are combined); 


= the date of their report; and 
= adescription of any modifications contained in the report. 


If the predecessor accountant's report was compiled in the prior year, the paragraph should also 
include a statement that the other accountant(s) did not audit or review the financial statements 
and, accordingly, did not express an opinion or provide any assurance about whether the 
financial statements are in accordance with the applicable financial reporting framework. 
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If the predecessor accountant's report was reviewed in the prior year, then the paragraph 
should include a statement that, based on his or her review, the other accountant(s) are not 
aware of any material modifications that should be made to the financial statements in order 
for them to be in accordance with the applicable financial reporting framework other than those 
modifications, if any, indicated in the report. 


2.4.3 Restated Prior Period Financial Statements 


The predecessor or successor accountant may report on changed prior period financial 
statements, as restated. 


Alternatively, the successor accountant may report only on the restatement adjustment, 
while indicating a predecessor accountant reported on the prior period financial statements 
before restatement. 


2.5 Reporting When One Period Is Audited 


When unaudited (i.e., compiled or reviewed) financial statements are presented in comparative 
form with audited financial statements, the unaudited financial statements should be clearly 
marked and the accountant should either: 


1. reissue the prior period report; or 


2. include an other-matter paragraph in the current report describing the responsibility 
assumed for the prior period's statements. 


2.5.1. Current Period Unaudited and Prior Period Audited 


When the prior period has been audited, the accountant should issue the current period 
compilation or review report, and add an other-matter paragraph, which should indicate: 


= that prior period statements were audited; 

m= the date of the previous report(s); 

m= the opinions expressed, and, if other than unmodified, the reasons for the modification; and 
wi 


that no auditing procedures have been performed since the previous report date. 


2.5.2. Current Period Audited and Prior Period Unaudited 


When the current period statements are audited, the auditor should include an other-matter 
paragraph in the auditor's report that includes: 


=m the service (review or compilation) performed in the prior period; 
= the date of the prior period report; 

= adescription of any material modifications described in the report; 
ti 


a statement that the service was less in scope than an audit and did not provide the basis 
for an opinion. 


Note: If unaudited financial statements are presented in comparative form with audited 
financial statements in documents filed with the SEC, such statements should be marked 
"unaudited," but should not be referred to in the auditor's report. 
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Ves Pass Key 


A great deal of overlap exists in the procedures performed in preparation, compilation, and 
review engagements. Each level of service requires progressively more procedures. The 
chart below summarizes the overlap of procedures performed in SSARS engagements. 


Create Inquiries Analytical 
Appropriate (Within Procedures 
Report Organization) 


Compilation Assurance, Attest) 


Review (Limited/Negative Assurance, Attest) 
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Interim Reviews 


1 Overview 


Interim financial information may be condensed or in the form of complete financial statements, 
and may cover: 


1. aperiod less than a full year; or 
2. a12-month period ending on a date other than the entity's fiscal year-end. 


1.1. Applicability: Nonissuers (SAS) 
An auditor may conduct a review of the interim financial information of a nonissuer if: 
1. the latest financial statements have been audited; 


2. the auditor either has been engaged to audit the entity's current year financial statements, 
or audited the entity's latest annual financial statements and the appointment of another 
auditor to audit the current year financial statements is not effective before the beginning of 
the period covered by the review; 


3. the same financial reporting framework is used for the interim financial statements as was 
used in the annual financial statements; and 


4. the interim financial information is condensed information, it conforms with an appropriate 
financial reporting framework, it includes an explanatory note, and it accompanies the latest 
audited financial statements (or those statements are made readily available). 


The explanatory note should indicate that the information does not represent complete 
financial statements, and that it should be read in conjunction with the latest annual 
financial statements. 


1.2 Applicability: Issuers (PCAOB) 


1.2.1 Situations Requiring a Review of Interim Financial Information 


Certain entities are required by the SEC to file quarterly reports. The SEC requires that an 
independent auditor review such quarterly information before the quarterly report is filed. 


Many entities are required by the SEC to include selected quarterly financial data in their annual 
reports or in other SEC filings. A review of such quarterly information is also required. 


An auditor performing an initial audit of financial statements that include selected quarterly data 
should also perform a review of that data as part of the overall audit. 


1.2.2 Written Report 


Although auditing standards do not require a written report on a review of interim financial 
information, if a client states, in a document filed with a regulatory agency or issued to 
shareholders or third parties, that an auditor has reviewed the interim financial information 
included therein, the review report must also be included in that document. 


For example, the SEC requires that a review report be filed along with the interim financial 
information if an entity states, in any filing, that an independent public auditor has reviewed the 
interim financial statements. 
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2 Procedures 


Auditing standards require the auditor to perform the following procedures, each of which will 
be covered in greater detail below. 


=m Understanding with the client should be established. 


= Learn and/or obtain sufficient understanding of the entity, its environment, including 
internal control. 


Inquiries should be addressed to the appropriate individuals. 
Analytical procedures should be performed. 

Review—other procedures should be performed. 

Client representation letter should be obtained from management. 


Professional judgment should be used to evaluate results. 


Auditor (CPA) should communicate results. 
2.1 Understanding With the Client Should Be Established 


2.1.1 Pre-acceptance Procedures 


Before accepting an engagement to review an entity's interim financial information, the auditor 
should: 


= Determine whether the financial reporting framework used to prepare the interim financial 
information is acceptable. 


= Obtain the agreement of management that it acknowledges and understands its 
responsibility for: 


e the preparation and fair presentation of the interim financial information; 


e the design, implementation, and maintenance of internal control sufficient to provide 
a reasonable basis for the preparation and fair presentation of the interim financial 
information; 


e providing the auditor with access to the information and persons needed to complete 
the review; and 


e — including the auditor's review report in any document containing interim financial 
information that indicates that the information has been reviewed by the 
entity's auditor. 


2.1.2 Engagement Letter 


In order to reduce the likelihood of misunderstanding, the auditor should establish an 
understanding with the client regarding the services to be performed through the use of an 
engagement letter. The understanding should include: 


= Objectives and Scope of the Engagement: The objective of a review of interim 
financial information is to determine whether material modifications are necessary for 
the information to be in conformity with the applicable financial reporting framework. 
Making inquiries and performing analytical procedures provide the support for this type 
of reporting. 


= Management's Responsibilities: Management's responsibilities with respect to interim 
financial information are analogous to its responsibilities for annual financial statements. 
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= Auditor's Responsibilities: The auditor is responsible for conducting the review in 
accordance with appropriate standards (SAS or PCAOB standards). A review, which consists 
primarily of analytical procedures and inquiries, is substantially less in scope than an audit, 
and therefore no opinion should be expressed. 


= Limitations of the Engagement: A review does not provide a basis for expressing an opinion, 
does not provide the auditor with a basis for obtaining reasonable assurance that the auditor 
will become aware of the significant issues and findings that would be identified in an audit, 
and is not designed to provide assurance regarding internal control. Communication is 
required if significant deficiencies or material weaknesses in internal control are noted. 


= Financial Reporting Framework: The engagement letter should identify the applicable 
financial reporting framework for the preparation of the interim financial information. 


2.2 Learn and/or Obtain an Understanding of the Entity 
and Its Environment, the Applicable Financial Reporting 
Framework, and the Entity's System of Internal Control 


2.2.1 Purpose 


The auditor needs to have an understanding of the entity and its environment, the applicable 
financial reporting framework, and the entity's system of internal control in order to: 


1. Determine what types of material misstatements may occur; 
2. Evaluate the likelihood that such misstatements will occur; and 


3. Select appropriate inquiries and analytical procedures. 


2.2.2 Planning 


During planning, the auditor should update this understanding by performing the following 
procedures: 


1. Read the documentation of prior audits and reviews to identify matters that may affect the 
current period's interim financial information. 


2. Read the most recent annual financial information and financial information from recent 
comparable prior interim periods. 


3. Consider the results of any audit procedures performed on the entity's current year 
financial statements. 


4. Inquire of management regarding changes in business activities or internal control. 


5. Inquire of management about the identity of and transactions with related parties. 


2.2.3 Obtaining Knowledge 


In an initial review of interim financial information, the auditor should make inquiries of 
the predecessor auditor and, if permitted, review the predecessor's documentation. The 
successor auditor remains solely responsible for the review procedures performed and the 
conclusions reached. 


An auditor who has audited the most recent annual financial statements may already have 
sufficient knowledge of internal control as it relates to interim financial information. If the 
auditor has not audited the most recent annual financial statements, he or she should perform 
procedures to obtain knowledge about the entity's internal control. Internal control over interim 
financial information may differ from internal control over annual financial statements (e.g., 
greater use of estimates may require different accounting principles and practices). 


Significant deficiencies in internal control may make it impracticable for the auditor to 
perform a review. 
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2.3. Inquiries Should Be Addressed to Appropriate Individuals 
2.3.1 Required Inquiries 


Inquiries should be directed to members of management with responsibility for financial and 
accounting matters, and should include queries regarding the following items: 


= Whether the interim financial information has been prepared in conformity with the 
applicable financial reporting framework. 


Unusual or complex situations affecting the interim financial information. 
Significant transactions during the last several days of the interim period. 
The status of uncorrected misstatements from previous audits/reviews. 
Subsequent events. 

Fraud, suspected fraud, or allegations of fraud. 

Significant journal entries and adjustments. 

Communications from regulatory agencies. 

Significant deficiencies and material weaknesses in internal control. 


Changes in related parties or significant new related party transactions. 


The entity's ability to continue as a going concern (and, if applicable, management's plans to 
mitigate the going concern issue). 


= Questionable matters noted during other review procedures. 


2.3.2 Inquiry of Client's Lawyer 


Inquiry of the entity's lawyer regarding litigation, claims, and assessments generally is not 
required, but may be appropriate in certain circumstances. 


2.3.3. Going Concern 


Although a review of interim financial information is not designed to provide information 
regarding an entity's ability (or lack thereof) to continue as a going concern for a reasonable 
period of time, such condition or events that raise substantial doubt about the entity's ability 
to continue as a going concern may come to the auditor's attention, or may have existed at the 
date of prior period financial statements. In such cases, the auditor should make appropriate 
inquiries and consider the adequacy of disclosure, but is not required to corroborate 
mitigating factors. 


2.4 Analytical Procedures Should Be Performed 


The auditor uses his or her understanding of the entity and its environment, the applicable 
financial reporting framework, and the entity's system of internal control to develop appropriate 
analytical procedures, inquiries, and other procedures. 


Analytical procedures are performed to provide a basis for inquiry about unusual items, and 
should include the following items: 


= Comparisons over time of interim financial information: 
e Current interim financial information vs. immediately preceding interim period. 
e Current interim financial information vs. comparable period from prior year. 


= Consideration of plausible relationships among both financial and relevant nonfinancial 
information. 
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= Comparison of recorded amounts (or related ratios) to the auditor's expectations. 
Expectations generally will be less precise than those developed during an audit. 


= Comparison of disaggregated revenue data (e.g., revenue by month and by product line) for 
the current interim period with that of comparable prior periods. 


2.5 Review: Other Procedures 


Other procedures may also be used to address significant accounting and disclosure matters 
relating to interim financial information. The auditor should: 


1. Read minutes of stockholder meetings, directors' meetings, etc., making appropriate 
inquiries if minutes are unavailable. 


2. Obtain reports from any component auditors engaged to review the interim financial 
information of subsidiaries, investees, etc., making appropriate inquiries if reports have not 
been issued. 


3. Obtain evidence that the interim financial information agrees or reconciles with the 
accounting records, and inquire of management regarding the reliability of those accounting 
records. 


4. Read the interim financial information for conformity with the applicable financial reporting 
framework. 


5. Read other information in documents containing the interim financial information for 
material inconsistencies or material misstatements of fact. 


6. Extend review procedures to resolve any outstanding questions regarding the interim 
financial information's conformity with the applicable financial reporting framework. 


Review procedures may be performed before or simultaneously with the entity's preparation 
of the interim financial information. Certain audit procedures related to the annual financial 
statement audit may be performed concurrently with the review. 


2.6 Client Written Representation Letter 
From Management Should Be Obtained 


As is the case with an audit, the auditor should obtain written representations from 
management related to the financial information, the completeness of information, recognition, 
measurement, disclosure, and subsequent events. 


If management refuses to provide one or more requested written representations or the auditor 
has concerns about the reliability of the representations, the auditor should: 


1. discuss the matter with management and those charged with governance; 

2. reevaluate the integrity of management; and 

3. consider whether to withdraw from the review engagement and, if applicable, withdraw as 
the entity's auditor. 

2.7 Professional Judgment to Evaluate Results 


2.7.1. Misstatements 


The auditor should accumulate misstatements identified during the review, including inadequate 
disclosures, and should evaluate the misstatements individually and in the aggregate to 
determine whether material modification should be made to the financial information for it to 
be in accordance with the applicable financial reporting framework. 
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2.7.2 Scope Limitations 


If the auditor is unable to perform necessary procedures or management does not provide 
appropriate representations, no review report should be issued. The auditor should 
communicate such matters, as well as known material departures from the applicable financial 
reporting framework, to management, those charged with governance, etc. 


2.8 Auditor Communicates Results 


2.8.1 Communications to Management 
Prompt communication to management is required if the auditor believes: 


= Material modifications should be made to the interim financial information for it to be in 
accordance with the applicable financial reporting framework. 


=  Anissuer filed quarterly reports with the SEC (Form 10-Q or Form 10-QSB) prior to 
completion of the review. 


= Anonissuer issued the interim financial information prior to completion of the review (in 
situations that required a review). 


If management does not respond appropriately to such communications, the auditor should 
inform those charged with governance. If those charged with governance do not respond 
appropriately, the auditor should consider resigning, and may wish to consult legal counsel. 
2.8.2 Required Communications With Those Charged With Governance 


An auditor conducting a review of interim financial information is subject to communication 
requirements analogous to those required in an audit. Communications are required 
with respect to: 


=m Fraud and noncompliance with laws and regulations. 
= Significant deficiencies or material weaknesses in internal control. 


If the auditor cannot complete the review, the auditor should communicate to the appropriate 
level of management and those charged with governance: 


1. the reason the review cannot be completed; 


2. that an incomplete review does not provide a basis for reporting and, accordingly, that the 
auditor is precluded from issuing a review report; and 


3. any material modifications that the auditor has become aware of during the review that 
should be made to the interim financial information for it to be in accordance with the 
applicable financial reporting framework. 


Communications to those charged with governance should be made on a timely basis (for 
issuers, Communications should be made before the entity files its interim financial information 
with a regulatory agency, or as soon as practicable). 
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2.8.3 Sample Report: Review of Interim Financial Statements (Nonissuer) 


Independent Auditor's Review Report 
[Appropriate Addressee] 
Results of Review of Interim Financial Information 


We have reviewed the accompanying [describe the interim financial information or statements 
reviewed] of ABC Company and subsidiaries as of September 30, 20X1, and for the 
three-month and nine-month periods then ended, and the related notes (collectively referred 
to as the interim financial information). 


Based on our review, we are not aware of any material modifications that should be made 

to the accompanying interim financial information for it to be in accordance with [identify the 
applicable financial reporting framework; for example, accounting principles generally accepted in 
the United States of America]. 


Basis for Review Results 


We conducted our review in accordance with auditing standards generally accepted in the 
United States of America (GAAS) applicable to reviews of interim financial information. 

A review of interim financial information consists principally of applying analytical procedures 
and making inquiries of persons responsible for financial and accounting matters. A review 
of interim financial information is substantially less in scope than an audit conducted in 
accordance with GAAS, the objective of which is an expression of an opinion regarding the 
financial information as a whole, and accordingly, we do not express such an opinion. We are 
required to be independent of ABC Company and to meet our other ethical responsibilities in 
accordance with the relevant ethical requirements relating to our review. We believe that the 
review procedures provide a reasonable basis for our conclusion. 


Responsibilities of Management for the Interim Financial Information 


Management is responsible for the preparation and fair presentation of the interim financial 
information in accordance with [identify the applicable financial reporting framework; for 
example, accounting principles generally accepted in the United States of America] and for the 
design, implementation, and maintenance of internal control relevant to the preparation and 
fair presentation of interim financial information that is free from material misstatement, 
whether due to fraud or error. 

[Signature of the auditor's firm] 

[City and state where the auditor's report is issued] 


[Date of the auditor's report] 


L Pass Key 


Each page of the interim financial information should be clearly marked unaudited. 
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2.8.4 Sample Report: Review of Interim Financial Statements (Issuer) 


Report of the Independent Registered Public Accounting Firm 
To the shareholders and the board of directors of X Company: 
Results of Review of Interim [Financial Information or Statements] 


We have reviewed the accompanying [describe the interim financial statements reviewed] 
of X Company (the "Company") and consolidated subsidiaries as of September 30, 20X1, 
and for the three-month and nine-month periods then ended, and the related notes 
and schedules (collectively referred to as the "interim financial statements"). Based on 
our review, we are not aware of any material modifications that should be made to the 
accompanying interim financial statements for them to be in conformity with accounting 
principles generally accepted in the United States of America. 


Basis for Review Results 


These interim financial statements are the responsibility of the Company's management. 
We are a public accounting firm registered with the Public Company Accounting Oversight 
Board (United States) (PCAOB) and are required to be independent with respect to the 
Company in accordance with the U.S. federal securities laws and the applicable rules and 
regulations of the Securities and Exchange Commission and the PCAOB. 


We conducted our review in accordance with the standards of the PCAOB. A review 

of interim financial information consists principally of applying analytical procedures 
and making inquiries of persons responsible for financial and accounting matters. It is 
substantially less in scope than an audit conducted in accordance with the standards of 
the PCAOB, the objective of which is the expression of an opinion regarding the financial 
statements taken as a whole. Accordingly, we do not express such an opinion. 


[Signature] 


[City and state or country] 
[Date] 


2.8.5 Departures From the Applicable Financial Reporting Framework 


The auditor should modify the report if, during the review, the auditor becomes aware of 

a departure from the applicable framework, such as inadequate disclosure or changes in 
accounting principle that are not in conformity with the framework. The modification should 
include a description of the departure and, if determinable, the effects of the departure. If there 
is inadequate disclosure in the interim information, auditors should also modify the report to 
include the necessary information, if practicable. 


The report is modified by adding a description of the departure within the results of review 
section of the auditor's report and by modifying the conclusion to read: 


Based on our review, with the exception of the matter described in the following paragraph(s), we are 
not aware of any material modifications ... . 


If the auditor believes that modification of the review report is not sufficient to address the 
deficiencies, the auditor should withdraw from the engagement. 
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2.8.6 Going Concern 


= For Nonissuers: The auditor should include a separate section in the Auditor's Review 
Report regarding going concern when: 


1. agoing concern section was included in the prior year's report and the conditions that 
caused the auditor to conclude that substantial doubt about the entity's ability to continue 
as a going concern still exist and management's plans do not alleviate these matters; or 


2. a going concern section was not included in the prior year's report and management 
has included a statement that substantial doubt exists in its financial statements. 


= For Issuers: As long as disclosure about going concern is adequate, the auditor is not 
required to include an explanatory paragraph. 


= For Both Nonissuers and Issuers: If the auditor determines that the disclosure related to 
substantial doubt about the entity's ability to continue as a going concern is inadequate, 
resulting in a departure from the applicable financial reporting framework, the auditor 
should modify the report. 


3 Other Uses of Interim Financial Information 


3.1. Interim Financial Information Accompanying 
Audited Financial Statements 


Normally, there is no need to refer to the review in the audit report because interim financial 
information is not a required part of the financial statements. However, modifications to the 
audit report are necessary in the following circumstances: 


= When interim financial information included in a note to the financial statements is not 
marked unaudited, the auditor would disclaim an opinion on the interim financial information. 


m= When interim financial information accompanies the audited financial statements, the 
auditor should include an other-matter paragraph in the auditor's report when all of the 
following conditions exist: 


e The interim financial information that has been reviewed is included in a document 
containing audited financial statements. 


e — The interim financial information accompanying the audited financial statements does not 
appear to be presented in accordance with the applicable financial reporting framework. 


e The auditor's separate review report that refers to the departure from the applicable 
financial reporting framework is not presented with the interim financial information. 


= Forissuers, when quarterly information required by the SEC has not been reviewed, an 
explanatory paragraph with an appropriate heading should be added to the auditor's 
report, indicating that the auditor was unable to review such information. 


= Forissuers, when quarterly information required by the SEC is omitted, an explanatory 
paragraph with an appropriate heading should be added to the auditor's report, indicating 
that the company has not presented such information. 


3.2 Interim Financial Information Presented in a Registration Statement 


The Securities Act of 1933 imposes certain responsibilities on an auditor who prepares a report 
that is used in connection with a registration statement. 


If an auditor's review report on interim financial information is presented (or incorporated 

by reference) in a registration statement, a prospectus that includes a statement about the 
independent auditor's involvement should clarify that the report is not considered to be a report 
or part of the registration statement within this context. 
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4 summary of Engagements 


Preparation | Compilation Review Audit 
Engagement | Engagement Engagement Engagement 
SSARS SSARS SSARS SAS PCAOB SAS/PCAOB 
Level of None None Limited Reasonable 
Assurance 
Entities Nonissuers only Nonissuers only Nonissuers | Nonissuers: | Issuers: Nonissuers/Issuers 
Interim FS Interim FS 
Knowledge Knowledge Knowledge Same as compilation plus knowledge __| Extensive 
Required of accounting of accounting of client's business knowledge of 
principles principles economy, industry, 
and practices and practices and client's 
of industry; of industry; business 
understanding the | understanding the 
financial reporting | financial reporting 
framework framework 
Inquiry and None unless None unless Inquiries of internal personnel Inquiries of external 
Analytical information is information is Analytical procedures parties and internal 
Procedures questionable questionable personnel 
Required i 
Analytical 
procedures 
Audit procedures 
GAAP May omit, but May omit most All are required or modify review All are required or 
Disclosure need to disclose | without restricting | report "qualified/adverse" 
Omitted in the financial use; warn with opinion 
statement ending paragraph 
GAAP May depart from | Modify report Modify report to discuss GAAP Modify report; 
Departures GAAP, but need to discuss GAAP | departure "qualified/adverse" 
to disclose inthe | departure opinion 
financial statement 
Independence | Not required Not required Required Required 
(non-attest but disclosure is 
engagement) required 
Engagement Presumptively Presumptively Presumptively Presumptively 
Letter mandatory mandatory mandatory mandatory 
Representation | Not required Not required Required Required 
Letter 
Understanding | Not required Not required Not required | Required Required | Required 
of Internal (no test work) (no test 
Control work) 
Errors and Only obvious Only obvious Only errors discovered through inquiry | Must be designed to 
Irregularities errors errors found when | and analytical procedures provide reasonable 
Detection reading financial assurance of 
statements detection of material 
misstatements 
FS Reported on | One or more One or more One or more financial statements One or more 
(BS/IS/RE/CF) financial financial allowed if scope of inquiry and financial statements 
statements may | statements analytical procedures have not been allowed if scope of 
be prepared allowed to be restricted audit is not limited 
reported on and all necessary 
procedures are 
applied 
Communication | Not required Not required Not Required Required Required 
With required 
Predecessor 
Subsequent Not required Not required Required Required 
Event Inquiries 
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Engagement Summary 


Nonissuers Issuers 
Preparation Compilation Review Review Review No Audit or Review 
Service Prepared Compiled Review Review Review Unaudited 
Worked on | FS FS FS Financial FS FS 
information 
Period Any date Any date Any date Interim only Interim only Any date 
Standards | AICPA—SSARS | AICPA—SSARS | AlICPA—SSARS AICPA—SAS PCAOB PCAOB 
Procedures | Knowledge of | Knowledge Understanding | Understanding | Understanding | None—however, 
industry of industry with client with client with client CPA must read 
: ; ; the financial 
Understand Understand Learn entity's Learn entity's Learn entity's 
fi ial fi ial ae baie nee statements for 
inancia inancia usiness usiness usiness eRVIOUS eros 
reporting reporting : . : 
framework framework mquiry Inquiry Inquiry 
Prepare Read the FS Analytical Analytical Analytical 
the FS procedures procedures procedures 
Review—other | Review—other | Review—other 
procedures procedures procedures 
Client rep. letter | Client rep. letter | Client rep. letter 
Professional Professional Professional 
judgment judgment judgment 
Accountant Accountant Accountant 
communicates | communicates | communicates 
results results results 
Findings No assurance | No assurance | Limited Limited Limited No assurance 
(include (disclaimer) assurance assurance assurance (disclaimer) 
legend or 
disclaimer) 
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NOTES 
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The AICPA Code of 
Professional Conduct 


1 Overview 


The AICPA's Code of Professional Conduct governs any service that a member of the AICPA 
performs. These services include audits, special reports, compilations, reviews, and services 
performed on financial forecasts and projections, as well as attestation engagements. Members 
not in public practice are governed by certain requirements of the Code of Professional Conduct 
as well. 


A professional code of conduct is a distinguishing mark of a profession that accepts a high degree 
of responsibility toward the public. It is a voluntary acceptance for the purpose of benefiting 
society. The AICPA Code of Professional Conduct addresses the question of what is "right" and 
"just." The code consists of principles and rules as well as interpretations and other guidance. 


The code utilizes certain terms to enhance the clarity of the interpretations and definitions. 
= Consider: Used when the member is required to think about several matters. 
= Evaluate: Used when the member has to assess and weigh the significance of a matter. 


= Determine: Used when the member has to come to a conclusion and make a decision 
ona matter. 


The code is separated into three parts: 
1. Members in public practice 
2. Members in business 


3. Other members 
2 Principles 


Principles provide the framework that is the basis for the code of conduct. 


= Responsibilities: "In carrying out their responsibilities as professionals, members should 
exercise sensitive professional and moral judgments in all their activities." 


= Public Interest: "Members should accept the obligation to act in a way that will serve the 
public interest, honor the public trust, and demonstrate commitment to professionalism." 
This relates to the profession's acceptance of responsibility to the public. 


= Integrity: "To maintain and broaden public confidence, members should perform all 
professional responsibilities with the highest sense of integrity." Integrity addresses the 
question of what is right and just. 


= Objectivity and Independence: "A member should maintain objectivity and be free of 
conflicts of interest in discharging professional responsibilities. A member in public practice 
should be independent in fact and appearance when providing auditing and other attestation 
services." (Emphasis added.) 
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Ves Pass Key 


For exam purposes, it is key to remember that objectivity applies to all services rendered; 
but independence applies to attest services only (audits, special reports, examinations, 
agreed-upon procedures, and reviews). 


= Due Care: "A member should observe the profession's technical and ethical standards, 
strive continually to improve competence and the quality of services, and discharge 
professional responsibility to the best of the member's ability." 


= Scope and Nature of Services: "A member in public practice should observe the Principles 
of the Code of Professional Conduct in determining the scope and nature of services to 
be provided." 


This requires members to: 
1. Have adequate internal quality control measures to ensure quality work; 


2. Determine whether, for audit clients, conflicts of interest arise due to the scope and nature 
of other services; and 


3. Assess whether the firm's activities are consistent with professionalism. 


3 Rules 


The "rules" portion of the code consists of rules, interpretations, and rulings that govern the 
specific performance of members. The rules that apply to members are based on whether they 
are a member in public practice, a member in business, and/or an other member. 


Rules by Type of Member 


Member 
Other Member 
Member in Member in (i.e., retired or 
Rules Public Practice Business unemployed) 

Independence Rule v 
Integrity and Objectivity Rule v v 
General Standards Rule v v 
Compliance With Standards Rule v v 
Accounting Principles Rule v v 
Confidential Client Information Rule v 
Contingent Fees Rule v 
Acts Discreditable Rule v v v 
Advertising and Other Forms of Solicitation Rule v 
Commissions and Referral Fees Rule v 
Form of Organization and Name Rule v 
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3.1. Independence Rule 


A member in public practice shall be independent in the performance of professional services as 
required by standards promulgated by bodies designated by the AICPA Council. 


=m Independence is not required for compilations and non-attestation services (e.g., tax 
services, consulting services). 


=m Independence must be maintained by "covered members." 


=m Acovered member's spouse and dependents are also generally subject to the 
Independence Rule. 


= Amember must have independence of mind and in appearance. 


Vee Pass Key 


A "covered member" is: 


e An individual on the attest engagement team 
e An individual in a position to influence the attest engagement 


e Apartner who provides more than 10 hours of non-attest services to the attest client 
within any fiscal year 


e A partner in the office in which the lead attest engagement partner primarily practices 
in connection with the attest engagement 


e The firm, including the firm's employee benefit plans 


e An entity for which operating, financial, or accounting policies can be controlled by any 
of the individuals or entities described above 


3.1.1 Independence Impaired by Financial Interests 


=m Independence is impaired if a covered member has a direct financial interest (regardless of 
materiality) or a material indirect financial interest in an attestation client. 


Direct financial interests are ownership interests held directly in a client. Examples 
would include: 


e Stock ownership, even if owned in a blind trust. 

e Financial interest in a client through a partnership and the member is a general partner. 
e Financial interest in a trust when the member is the trustee. 

An indirect financial interest involves a removed relationship. Examples would include: 

e Member owns shares in a mutual fund that invests in the attestation client. 


e Member owns a direct financial interest in Company A, and Company A has a direct 
financial interest in the attestation client. 
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Independence is impaired if a covered member or his immediate family (spouse or 
dependents) has a loan to or from a client. 


Independence is impaired by acceptance of more than a token gift. 
Independence is not impaired in a financial institution client by: 

e Fully collateralized car loans with a financial institution client. 
e Cash advance or credit card balances not exceeding $10,000. 

e  Abank account that is fully insured by the government. 

e Apassbook loan. 


Independence is impaired if a close relative has a financial interest in the attest client that 
the covered member knows or has reason to believe is material to the close relative or 
enabled the close relative to exercise significant influence over the attest client. 


3.1.2 Independence Impaired by Employment Relationships 


Independence may be impaired if a member was previously employed by the attest client, or if a 
member leaves the audit firm for a position with the client. 


Independence is impaired if an individual who was formerly employed by the client 
participates on the engagement team or is in a position to influence the engagement when 
the engagement covers any period of his or her former employment with the client. 


Independence is impaired by an immediate family member or close relative's employment 
with a client in a key position (e.g., independence would be impaired if the spouse was the 
client's internal auditor). 


Independence is impaired if a partner or professional employee leaves the firm and is 
employed by the client in a key position unless the individual is no longer in a position 
to influence or participate in the firm's business decisions and the amounts due to the 
individual are immaterial to the firm. 


e When the individual joins the client in a key position within one year of disassociating 
from the firm and has significant interaction with the engagement team, independence 
will be impaired unless the engagement is reviewed by a qualified professional to 
determine whether the engagement team members maintained the appropriate level of 
skepticism when evaluating the representations and work of the former firm member. 


Independence is impaired if an individual who is a member of the engagement team or is in 
a position to influence the engagement is seeking or discussing potential employment with 
the client or has been offered employment by the client unless the individual notifies the 
firm and is removed from the engagement. 
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3.1.3. Independence Impaired by Business Relationships 


Independence is impaired if a member makes management decisions for an attest client. 


Examples of business relationships with an attestation client that impair independence 
would include: 


e Director, officer, employee, or a position where the member acts in a management capacity 
e Promoter, underwriter, broker-dealer, or voting trustee 

e Stock transfer or escrow agent 

e General counsel 


e Trustee for a client's pension or profit-sharing trust 


A firm may perform non-attest services for a client and still be independent as long as the 
firm does not serve or appear to serve as a member of a client's management (e.g., the 
firm may not make operational or financial decisions for the client, perform management 
functions, or report to the board on behalf of management). 


Examples of activities with an attestation client that impair independence would include: 


e Bookkeeping activities that include authorizing, executing, or consummating a 
transaction on behalf of a client or preparing source documents or originating data 
(e.g., purchase orders). 


e Having custody of the client's assets. 
e Supervising client employees in the performance of normal recurring activities. 
e Financial information systems design and implementation. 


e Appraisal, valuation, or actuarial services when the results are material to the financial 
statements and subject to a significant degree of subjectivity. 


e Management of internal audit activities. 


e Litigation services where the firm serves as a trier of fact, special master, court-appointed 
expert, or arbitrator. 


e Expert witness services. 


= Independence is not impaired by being a member of or an honorary trustee for a 
not-for-profit charitable, civic, or religious group if the position is purely honorary and the 
member does not participate in any management functions. 

= Membership in the same trade association as a client does not impair independence unless 


the member serves in a management capacity. 
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3.1.4 Other Reasons Independence May Be Impaired 


= Amember's independence is impaired with respect to a client who is more than one year 
overdue in the payment of professional fees. Usually, fees from one year must be paid 
before the issuance of a report on the following year's work. 


= Actual or threatened litigation may impair independence, regardless of who is the plaintiff 
and who is the defendant. 


e For example, independence is impaired if an auditor sues management for fraud or 
if the client sues the auditor for audit deficiencies. Even the threat of a suit for audit 
deficiencies would impair independence if it is likely the suit will be initiated. 


e Independence is not impaired by a suit for an immaterial dollar amount for work 
unrelated to an attestation service. 


ye Pass Key 


The most heavily tested area of the Code of Conduct and professional responsibilities is the 
Independence Rule. Candidates should be very familiar with the rule's provisions. 


3.2. Integrity and Objectivity Rule 


The Code of Conduct states, "In the performance of any professional service, a member shall 
maintain objectivity and integrity, shall be free of conflicts of interest, and shall not knowingly 
misrepresent facts or subordinate his or her judgment to others." 


A conflict of interest may occur if a member has a significant relationship with a client that 

could be viewed as impairing the member's objectivity. The service may still be performed if the 
relationship is disclosed and the consent of the client is obtained. Disclosure and consent cannot 
eliminate the necessity for independence when it is required. 


Members engaged in educational services and client advocacy must act with integrity 
and objectivity. 


3.3. General Standards Rule 


A member must comply with the following standards in all engagements: 


= Professional Competence: Undertake only those professional services that the member or 
the member's firm can reasonably be expected to complete with professional competence. 


Professional competence includes the technical qualifications of the CPA and of the CPA's 
staff, the ability to supervise and evaluate work, and the knowledge of technical subject 
matter or the ability to obtain that knowledge by research or by consulting with others. 


= Due Professional Care: Exercise due professional care in the performance of 
professional services. 


e The member must possess the same degree of skill commonly possessed by others in 
the field. 


e The member must act as a reasonably prudent accountant would. 


e The member must critically review work done by those assisting in the engagement at 
every level of supervision. 
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= Planning and Supervision: Adequately plan and supervise the performance of 
professional services. 


= Sufficient Relevant Data: Obtain sufficient relevant data to afford a reasonable basis for 
conclusions or recommendations in relation to any professional services performed. 


3.4 Compliance With Standards Rule 


A member who performs auditing, review, compilation, management consulting, tax, or other 
professional services must comply with standards promulgated by bodies designated by the 
AICPA Council. 


= Auditing Standards Board and PCAOB (issue statements on auditing standards). 


= Management Consulting Services Executive Committee (issues statements on standards for 
management consulting services). 


= Accounting and Review Services Committee (issues statements on standards for accounting 
and review services). 


= Government Accounting Standards Board (issues statements of governmental accounting 
standards). 


= Tax Executive Committee (issues statements on tax services). 
= Attestation Standards (issue statements for attestation standards). 


=m Financial Accounting Standards Board (establishes standards for U.S. financial accounting 
and reporting). 


= International Accounting Standards Board (establishes standards for international financial 
accounting and reporting). 


= Personal Financial Planning Executive Committee (issue standards on personal 
financial planning). 


3.5 Accounting Principles Rule 


A member shall not express an opinion or state affirmatively or negatively that financial 
statements are presented in conformity with generally accepted accounting principles (GAAP) 
if there is any departure from an accounting principle that has a material effect on the 
financial statements. 


Unusual circumstances may justify a departure from GAAP if compliance would cause the 
financial statements to be misleading. 


= Interpretations of the code specifically recognize new legislation and new forms of business 
transactions as occasions that might justify a departure from GAAP. 


m An unusual degree of materiality or the existence of conflicting industry practices would not 
justify departure from GAAP. 


=m The departure, when justified, must be described and explained. 
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3.6 Confidential Client Information Rule 


A member in public practice shall not disclose any confidential client information without the 
specific consent of the client. 


3.6.1 Exceptions 


A member is obligated to disclose confidential information even without the consent of the 
client in the following circumstances: 


1. Amember must disclose confidential client information if necessary to comply with a validly 
issued subpoena or summons. 


e The member is not required to notify the client that its records have been subpoenaed 
or that asummons related to the client's records has been issued. The member may 
wish to consult with legal counsel to determine the validity and enforceability of the 
subpoena or summons and the specific client information required to be provided. The 
member may also wish to consult with his or her state board of accountancy. 


2. Amember must disclose confidential information as a part of a quality review of the 
member's professional practices authorized by the AICPA (i.e., a request for confidential 
information by a state CPA society voluntary quality control review panel). 


3. Amember must disclose confidential client information in response to any inquiry 
either made by the ethics division or the trial board of the AICPA or by a duly constituted 
investigative or disciplinary body of a state CPA society, or under authority of state statutes. 


L Pass Key 


The examiners often ask to whom a CPA may disclose client audit documentation without 
consent of the client. Memorize the above paragraphs and you will have no problem with 
such a question on your exam. 


3.7. Contingent Fees Rule 


A contingent fee is established for performing services when: 
1. No fee is charged unless a specific finding or result is obtained; or 
2. The fee amount is dependent upon the finding or result obtained. 


Contingent fees are specifically prohibited for audits and reviews of financial statements or 
examinations of prospective financial information. In addition, a member in public practice is 
prohibited from preparing an original or amended tax return or claim for a tax refund for a 
contingent fee for any client. 


Contingent fees are permitted in the following cases: 


=m Fees are not regarded as being contingent when they are fixed by courts or other public 
authorities or in tax matters, if they are based on the results of court proceedings or the 
findings of governmental agencies (e.g., a contingent fee is permitted when representing a 
client in an examination of a tax return by an IRS agent). 


= Contingent fees are permitted for compilations of financial statements expected to be used 
by third parties only if the member includes a statement that the member is not independent. 
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3.8 Acts Discreditable Rule 


A member shall not commit an act discreditable to the profession. 
The following acts are discreditable to the profession: 
= Failure to return records to a client after the client makes demand. 


= Determination by a court or administrative agency of discrimination or harassment in 
public practice. 


= Failing to follow applicable standards or procedures in government audits unless the 
member discloses that the standards were not followed and the reasons for noncompliance. 


= Negligence in preparing financial statements or records. 


= Failing to follow GAAS and other applicable standards of government agencies unless the 
member discloses that the standards were not followed and the reasons for noncompliance. 


= Solicitation or disclosure of CPA Examination questions and answers. 


= Failure to timely file a personal or firm tax return or to timely remit payroll or other taxes 
collected on behalf of others. 


= Failure to follow regulatory requirements (where applicable) prohibiting the use of certain 
types of indemnification and limitation of liability provisions. 


= Promotion or marketing of the member's abilities to provide professional services or 
making claims about the member's experience or qualifications in a manner that is false, 
misleading, or deceptive. This includes any representation about CPA licensure or any other 
professional certification or accreditation that is not in compliance with the requirements of 
the relevant licensing authority or designating body. 


= Amember whose employment relationship is terminated shall not take or retain (a) 
originals or copies (in any format) from the firm's client files; or (b) proprietary information 
without the firm's permission unless the member has a contractual arrangement with the 
firm allowing such action. 


= Disclosure of confidential information obtained from a prospective client or non-client 
without consent. 


3.9 Advertising and Other Forms of Solicitation Rule 


A member in public practice shall not seek to obtain clients by advertising or other forms of 
solicitation in a manner that is false, misleading, or deceptive. 


Advertisements and solicitations are misleading or deceptive if they: 
= Create false or unjustified expectations of favorable results. 

= Imply the ability to influence a court, regulatory agent, or official. 
= Intentionally underestimate fees. 
a 


Would mislead or deceive a reasonable person. 
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3.10 Commissions and Referral Fees Rule 


A member in public practice shall not for a commission recommend or refer to a client any 
product or service when the member or the member's firm also performs for that client: 


= An audit or review of financial statements. 


= Acompilation of financial statements expected to be used by third parties, when the 
member does not disclose a lack of independence. 


= An examination of prospective financial information. 


A member performing other services not prohibited above may receive a commission, but the 
commission must be disclosed to the client. 


A member who receives a referral fee for recommending another CPA or pays a referral fee to 
obtain a client must disclose this to the client. 
3.11 Form of Organization and Name Rule 


3.11.1 The Use of Misleading Firm Names Is Not Allowed 


= A firm may not designate itself as "Members of the American Institute of Certified Public 
Accountants" unless all of its CPA owners are members of the Institute. 


= A firm may not designate itself as "CPAs" unless all of its owners are CPAs. 


The ideal designation following the firm name would be "CPAs, Members AICPA," if all 
owners were both CPAs and members of the AICPA. 


= A firm may continue to use the names of one or more past owners. 


= [fall partners except one have died or left the firm, the remaining partner may continue to 
practice under the partnership name for up to two years after becoming a sole practitioner. 


3.11.2 Ownership of CPA Firms 


= CPA Ownership: A majority of the ownership, both in financial interests and in voting rights, 
must belong to CPAs. Any non-CPA owner must be actively engaged as a firm member in 
providing services to the firm's clients. 


ACPA must have ultimate responsibility for all services provided by the firm and by each 
business unit providing attest and compilation services and other services governed by 
Statements on Auditing Standards (SAS) or Statements on Standards for Accounting and 
Review Services (SSARS). 


= Non-CPA Owners: Non-CPA owners can use the title, "principal," "owner," "officer," 
"member," "shareholder," or any other title permitted by state law, but not hold themselves 
out to be CPAs. 


Owners shall own their equity in their own right and be the beneficial owners of the equity 
capital ascribed to them. 


3.11.3 Use of CPA Title in Private Industry 


A CPA employee in private industry may use the designation CPA in signing a report only if the 
use of that designation does not imply to readers of the report that the CPA is independent. 


It is advisable to indicate one's own employment title within the private firm. 
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4 Conceptual Framework 


4.1. Background 


The AICPA Code of Professional Conduct includes principles, rules, and interpretations. The 
conceptual frameworks are applied when none of the other three components provide 
adequate guidance or in a situation in which there is a threat or threats to complying with 
the rules. 


Pass Key 


The rules and interpretations portion of the AICPA Code of Professional Conduct seek to 
address many situations; however, they cannot address all relationships or circumstances 
that may arise. Thus, in the absence of an interpretation that addresses a particular 
relationship or circumstance, a member should apply the appropriate conceptual 
framework approach. The conceptual framework cannot be used to override any rules 
stated in the code. 


There are three conceptual frameworks included in the AICPA Code of Professional Conduct: 
1. Conceptual Framework for Members in Public Practice 

Members in public practice render attest, tax, and management advisory services. 
2. Conceptual Framework for Independence 


Members in public practice are required to apply the Conceptual Framework Approach for 
Independence when faced with threats to independence. 


3. Conceptual Framework for Members in Business 


Members in business are employed or engaged on a contractual or volunteer basis in a(n) 
executive, staff, governance, advisory, or administrative capacity in such areas as industry, 
the public sector, education, the not-for-profit sector, and regulatory or professional bodies 
(e.g., controller). This does not include a member engaged in public practice. 


A member may have multiple roles, such as a member in business and a member in public 
practice. In such circumstances, the member should consult all applicable parts of the code and 
apply the most restrictive provisions. 


The conceptual framework approach requires entities to: 
= Identify threats to compliance with the fundamental principles. 
=m Evaluate the significance of the threat. 


= Apply safeguards to eliminate threats or reduce threats to an acceptable level, 
whenever possible. 


The acceptable level is the level at which a reasonable and informed third party who 
is aware of the relevant information would be expected to conclude that a member's 
compliance with the rules is not compromised. 
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4.2. Threats to Compliance With the Fundamental Principles 


Threats to compliance with the fundamental principles may fall into one or more threat 
categories, as shown in the table below. 


(The threat categories are virtually the same among the conceptual frameworks. Generally, 

the difference in definition is that threats related to members in public practice reference the 
client, threats to members in business reference the employing organization, and threats to 
independence reference the attest client. Where slight differences exist, the wording is italicized.) 


Conceptual Framework For: 


Members in 
Public Practice 


Members in Business 


Independence 


Adverse 
Interest threat 


The threat that a member 
will not act with objectivity 
because the member's 
interests are opposed to 
the client's interests. 


The threat that a member 
will not act with objectivity 
because the member's 
interests are opposed 

to the interests of the 
employing organization. 


The threat that a member 
will not act with objectivity 
because the member's 
interests are in opposition 
to the interests of an attest 
client. 


Advocacy 
Threat 


The threat that a member 
will promote a client's 
interests or position to 
the point that his or her 
objectivity or independence 
is compromised. 


The threat that a member 
will promote an employing 
organization's interests or 
position to the point that 
his or her objectivity is 
compromised. 


The threat that a member 
will promote an attest 
client's interests or position 
to the point that his 

or her independence is 
compromised. 


Familiarity 
Threat 


The threat that, because 
of along or close 
relationship with a client, a 
member will become too 
sympathetic to the client's 
interests or too accepting 
of the client's work or 
product. 


The threat that, because of 
a long or close relationship 
with a person or an 
employing organization, 

a member will become 

too sympathetic to their 
interests or too accepting 
of the person's work or 
employing organization's 
product or service. 


The threat that, because of 
a long or close relationship 
with an attest client, a 
member will become too 
sympathetic to the attest 
client's interests or too 
accepting of the attest 
client's work or product. 


Management 
Participation 
Threat 


The threat that a member 
will take on the role 

of client management 

or otherwise assume 
management 
responsibilities; such 

may occur during an 
engagement to provide 
non-attest services. 


N/A 


The threat that a 

member will take on 

the role of attest client 
management or otherwise 
assume management 
responsibilities for an 
attest client. 


Self-Interest 
Threat 


The threat that a member 
could benefit, financially 
or otherwise, from an 
interest in, or relationship 
with, a client or persons 
associated with the client. 


The threat that a member 
could benefit, financially or 
otherwise, from an interest 
in, or relationship with, the 
employing organization or 
persons associated with the 
employing organization. 


The threat that a member 
could benefit, financially 
or otherwise, from an 
interest in, or relationship 
with, an attest client or 
persons associated with 
the attest client. 
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Members in 
Public Practice 


Members in Business 


Independence 


Self-Review 
Threat 


The threat that a member 
will not appropriately 
evaluate the results of a 
previous judgment made 
or service performed 

or supervised by the 
member or an individual 
in the member's firm and 
that the member will rely 
on that service in forming 
a judgment as part of 
another service. 


The threat that a member 
will not appropriately 
evaluate the results of a 
previous judgment made 
or service performed or 
supervised by the member, 
or an individual in the 
employing organization and 
that the member will rely 
on that service in forming 
a judgment as part of 
another service. 


The threat that a member 
will not appropriately 
evaluate the results of a 
previous judgment made, 
or service performed or 
supervised by the member 
or an individual in the 
member's firm and that 
the member will rely on 
that service in forming a 
judgment as part of an 
attest engagement. 


Undue 
Influence 
Threat 


4.3 


The threat that a member 
will subordinate his or her 
judgment to an individual 
associated with a client or 
any relevant third party 
due to that individual's 
reputation or expertise, 
aggressive or dominant 
personality, or attempts 
to coerce or exercise 
excessive influence over 
the member. 


The threat that a member 
will subordinate his or 

her judgment to that of an 
individual associated with 
the employing organization 
or any relevant third party 
due to that individual's 
position, reputation or 
expertise, aggressive or 
dominant personality, 

or attempts to coerce or 
exercise excessive influence 
over the member. 


Evaluate the Significance of the Threat 


The threat that a member 
will subordinate his or 
her judgment to that of 
an individual associated 
with an attest client or 
any relevant third party 
due to that individual's 
reputation or expertise, 
aggressive or dominant 
personality, or attempts 
to coerce or exercise 
excessive influence over 
the member. 


In evaluating the significance of an identified threat, the member should determine whether 
a threat is at an acceptable level. Members should consider both qualitative and quantitative 
factors when evaluating the significance of a threat, including the extent to which existing 

safeguards already reduce the threat to an acceptable level. 


If the member evaluates the threat and concludes that a reasonable and informed third party 
who is aware of the relevant information would be expected to conclude that the threat does 
not compromise a member's compliance with the rules, the threat is at an acceptable level, 
and the member is not required to evaluate the threat any further under the conceptual 
framework approach. 


4.4 


Safeguards That May Eliminate or Reduce Threats 


If, in evaluating the significance of an identified threat, the member concludes that the threat 
is not at an acceptable level, the member should apply safeguards to eliminate the threat or 


reduce it to an acceptable level, if possible. 


Safeguards fall into one of the following categories for the conceptual framework for members 
in public practice and conceptual framework for independence: 


1. Safeguards created by the profession, legislation, or regulation. 


2. Safeguards implemented by the client: It is not possible to rely solely on safeguards 
implemented by the client to eliminate or reduce significant threats to an acceptable level. 


3. Safeguards implemented by the firm: This includes policies and procedures to implement 
professional and regulatory requirements. 
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Safeguards fall into one of the following categories for the conceptual framework for members 
in business: 


1. Safeguards created by the profession, legislation, or regulation. 


2. Safeguards implemented by the employing organization. 


Example of adverse interest threat includes: 


e The member or client/attest client/employing organization commences litigation against 
the other or expressing the intent to commence litigation. 


Examples of advocacy threat include: 
e Amember endorses a client's services or products. 


e The member gives or fails to give information that the member knows will unduly 
influence the conclusions reached by an external service provider or other third party. 


e Amember promotes the attest client's securities as part of an initial public offering. 
Examples of familiarity threat include: 
e Amember has a close friend who is employed by the client/attest client. 


e Amember regularly accepts gifts or entertainment from a vendor or customer of the 
employing organization. 


Examples of management participation threat include: 
e Amember serves as an officer or a director of the attest client. 


e Amember accepts responsibility for designing, implementing, or maintaining internal 
controls for the attest client. 


Examples of self-interest threat include: 
e Amember or his or her firm relies excessively on revenue from a single client/attest client. 


e Amember is eligible for a profit or other performance-related bonus at the employing 
organization, and the value of that bonus is directly affected by the member's decisions. 


Examples of self-review threat include: 
e The member performs bookkeeping services for a client. 


e When the member performs an internal audit procedure at the employing organization, 
the member reviews work that he or she previously performed in a different position. 


Examples of undue influence threat include: 


e The client indicates that it will not award additional engagements to the firm if the firm 
continues to disagree with the client on an accounting or tax matter. 


e Amember is pressured to become associated with misleading information. 


e The attest client's management pressures the member to reduce necessary audit 
procedures in order to reduce audit fees. 
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Illustration 5 Safeguards 


Examples of safeguards created by the profession, legislation, or regulation: 


e Education and training requirements on ethics, independence, and/or professional 
responsibilities. 


e Continuing education requirements on independence and/or ethics. 

e Professional standards and the threat of discipline. 

e Legislation establishing prohibitions and requirements for employees. 

e Competency and experience requirements for professional licensure. 

e Professional resources, such as hot lines, for consultation on ethical issues. 


Examples of safeguards implemented by the client that would operate in combination 
with other safeguards are as follows: 


e The client has personnel with suitable skill, knowledge, or experience who make 
managerial decisions about the delivery of professional services and makes use of 
third-party resources for consultation as needed. 


e The tone at the top emphasizes the client's commitment to fair financial reporting and 
compliance with the applicable laws, rules, regulations, and corporate governance policies. 


e A governance structure, such as an active audit committee, is in place to ensure 
appropriate decision making, oversight, and communications regarding a firm's services. 


Examples of safeguards implemented by the firm: 


e Documented policies regarding the identification of threats to compliance with the rules, 
the evaluation of the significance of those threats, and the identification and application 
of safeguards that can eliminate identified threats or reduce them to an acceptable level. 


e Discussion of independence and ethics issues with the audit committee or others 
responsible for the client's governance. 


e The removal of an individual from an attest engagement team when that individual's 
financial interests or relationships pose a threat to independence or objectivity. 


e Client acceptance and continuation policies that are designed to prevent association with 
clients that pose a threat that is not at an acceptable level to the member's compliance 
with the rules. 


e Policies and procedures that are designed to monitor the firm's, partner's, or partner 
equivalent's reliance on revenue from a single client and that, if necessary, trigger action 
to address excessive reliance. 


Examples of safeguards implemented by the employing organization are as follows: 


e Atone at the top emphasizing a commitment to fair financial reporting and compliance 
with applicable laws, rules, regulations, and corporate governance policies. 


e An audit committee charter, including independent audit committee members. 


e Internal policies and procedures requiring disclosure of identified interests or 
relationships among the employing organization, its directors or officers, and vendors, 
suppliers, or customers. 


e Human resource policies and procedures stressing the hiring and retention of technically 
competent employees. 
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Ethical and Independence 
Requirements: Part 1 


1‘ The Sarbanes-Oxley Act of 2002 


In 2002, in the wake of the collapse of Enron and WorldCom corporations and the restatement of 
financial statements of additional SEC reporting companies, Congress passed the Sarbanes-Oxley 
Act (SOX). SOX is a federal law that was enacted with the intent of improving the accuracy and 
reliability of financial information disclosed by public companies. SOX has had a profound effect 
on public companies and the audit with expanded requirements related to financial reporting. 


2 Impact of SOX on Audit Responsibilities 


2.1 Key Provisions of SOX Title I: Public Company Accounting 
Oversight Board (PCAOB) 


2.1.1. Establishment of the PCAOB 


Title | of the Sarbanes-Oxley Act provides for a Public Company Accounting Oversight Board 
composed of five members. Two members must be CPAs and three members cannot be CPAs. 


The board is subject to oversight by the SEC and has the duty to: 
=m register public accounting firms that prepare audit reports for issuers; 
= establish rules relating to the preparation of audit reports for issuers; and 


=™ conduct inspections, investigations, and disciplinary proceedings concerning registered 
public accounting firms. 


The PCAOB must conduct annual inspections of registered public accounting firms that 
regularly provide audit reports for more than 100 issuers. Registered public accounting 
firms that provide audit reports for 100 or fewer issuers must be inspected at least once 
every three years. 


2.1.2 Registration With PCAOB: Only Registered Firms Can Audit an SEC Issuer 


In accordance with Title I, only a "registered public accounting firm" (i.e., an accounting firm 
registered with the PCAOB) may prepare audit reports for an SEC issuer. 


The application for registration must be updated annually and contain: 


m= the names of issuers audited in the preceding and current year, including annual fees 
received for such audits; 
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a statement of the firm's quality control policies; 
a list of all firm accountants who will participate in the audits; 


legal or disciplinary proceedings pending against the firm; and 


disclosures filed by audited issuers concerning accounting disagreements between the 
issuer and the firm related to audits. 


Each registered firm must consent to cooperate with any request from the Public Company 
Accounting Oversight Board concerning testimony or production of documents. 


2.1.3 Each Registered Firm Must Adhere to the Following Auditing Standards 


= Audit documentation must be maintained for seven years (criminal penalties will apply for 
failure to retain papers for at least seven years). 


m= Provide a concurring or second partner review of each audit report. 


= Describe in audit reports the scope of the testing of the issuer's internal control structure 
and procedures. 


2.1.4 Quality Control Standards Required of Registered Firms 


Registered accounting firms must monitor professional ethics and independence from issuers 
that they audit and must supervise audit work. 


2.1.5 Investigations and Sanctions 


The board can conduct investigations of wrongdoing by registered firms or associated persons 
of those firms. If a firm or associated person is found to have violated the provisions of the 
Sarbanes-Oxley Act, the rules of the PCAOB, or the provisions of securities laws relating to the 
preparation and issuance of audit reports, the PCAOB can impose the following sanctions: 


= temporary suspension or permanent revocation of PCAOB registration; 

= temporary or permanent suspension or bar of a person from associating with a registered firm; 
= temporary or permanent limitation on the activities, functions, or operations of a firm or person; 
a 


civil monetary penalties of no more than $750,000 for individuals and $15,000,000 for 
registered firms for intentional or knowing conduct, including reckless conduct, that results 
in violations or repeated instances of negligent conduct; and penalties of no more than 
$100,000 for individuals and $2,000,000 for registered firms for other violations; 


m™ censure; 
® require professional education or training; and 


=m any other PCAOB approved sanction. 
2.2 Key Provisions of SOX Title II: Auditor Independence 
2.2.1 Prohibited Services 


To maintain auditor independence, a registered public accounting firm that performs SEC audits 
may not provide the following services to the audit client: 


= Bookkeeping; 

= Financial information systems design and implementation; 
= Appraisal and valuation services; 
a 


Actuarial services; 
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Management functions or human resources services; 
Internal audit outsourcing services; 
Services as a broker, dealer, investment advisor, or investment banker; 


Legal services; and 


Expert services unrelated to the audit. 


Tax services are permissible if preapproved by the audit committee. 


2.2.2 Audit Partner Requirements 


The lead audit or coordinating partner and the reviewing partner must rotate off the audit 
every five years. Under PCAOB rules, auditors of issuers must also disclose the name of the 
engagement partner. 


2.2.3 Registered Firms Must Report to Audit Committees 


All auditing services and permitted non-audit services provided by an auditor to an issuer should 
be preapproved by the audit committee of the issuer. 


Registered firms must report the following to the audit committees of audited corporations: 
m= the critical accounting policies and practices to be used; 


= alternative accounting treatments discussed with the corporation's management, the 
ramifications of the alternatives, and the treatment the firm prefers; and 


= material written communications between the audit firm and management, including a 
schedule of unadjusted audit differences and any management letter. 


2.2.4 Conflicts of Interest 


The audit firm cannot have employed the issuer's CEO, CFO, controller, chief accounting officer, 
or any person serving in an equivalent position for a one-year period preceding the audit. 


3 Impact of SOX on Entity Responsibilities 


With the goal of increasing the accuracy and reliability of the financial information reported by 
issuers, the Sarbanes-Oxley Act includes numerous provisions for expanded disclosures and 
the requirement of specific representations by public company officers that accompany the 
published financial statements. 


3.1 Key Provisions of SOX Title Ill: Corporate Responsibility 


The corporate responsibility section of the act relates to the establishment of an audit 
committee and the representations made by key corporate officers, typically the chief executive 
officer (CEO) and the chief financial officer (CFO). 


3.1.1 Public Company Audit Committees 


= Public companies are responsible for establishing an audit committee that is directly 
responsible for the appointment, compensation, and oversight of the work of the public 
accounting firm employed by that public company (also referred to as an issuer). 


e The auditor reports directly to the audit committee. 


e The audit committee is responsible for resolving disputes between the auditor and 
management. 
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= Audit committee members are to be members of the issuer's board of directors but are to 
be otherwise independent. Independence criteria are as follows: 


e Audit committee members may not accept compensation from the issuer for consulting 
or advisory services. 


e Audit committee members may not be an affiliated person of the issuer. 
(Affiliation means a person having the ability to influence financial decisions). 


= Audit committees must establish procedures to accept reports of complaints regarding 
audit, accounting, or internal control issues (whistleblower hotlines). 


e Procedures must accommodate confidential, anonymous reports by employees of 
the issuer. 


e Procedures must accommodate receipt and retention of complaints as well as a method 
to address those complaints. 


3.1.2 Corporate Responsibility for Financial Reports 


Corporate officials, typically the CEO and CFO, must sign certain representations regarding 
annual and quarterly reports, including their assertion that: 


=m They have reviewed the report. 
=m The report does not contain untrue statements or omit material information. 


= The financial statements fairly present in all material respects the financial condition and 
results of operations of the issuer. 


=m The CEO and CFO signing the report have assumed responsibility for internal controls, 
including assertions that: 


e Internal controls have been designed to ensure that material information has been 
made available. 


e — Internal controls have been evaluated for effectiveness as of a date within 90 days prior 
to the report. 


e Their report includes their conclusions as to the effectiveness of internal controls based 
on their evaluation. 


=m The CEO and CFO signing the report assert that they have made the following disclosures to 
the issuer's auditors and the audit committee: 


e All significant deficiencies and material weaknesses in the design or operation of 
internal controls which might adversely affect the financial statements. 


e Any fraud (regardless of materiality) that involves management or any other employee 
with a significant role in internal controls. 


m The CEO and CFO signing the report must also represent whether there have been any 
significant changes to internal controls. 


3.1.3 Improper Influence on the Conduct of Audits 


It is unlawful for any officer or director of an issuer, or any person acting under the direction 

of an officer or director, to take any action to fraudulently influence, coerce, manipulate, or 
mislead any independent public or certified accountant engaged in the performance of an audit 
of the financial statements of the issuer for the purpose of rendering such financial statements 
materially misleading. 
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3.1.4 Forfeiture of Certain Bonuses and Profits 


If an issuer is required to prepare an accounting restatement due to material noncompliance 
with any financial reporting requirement under the securities laws, the CEO and CFO may be 
required to reimburse the issuer for: 


= bonuses or incentive-based or equity-based compensation. 


= gains on sale of securities during that 12-month period. 


3.2 Key Provisions of SOX Title IV: Enhanced Financial Disclosures 


The enhanced financial disclosures associated with issuer reports include additional details 
regarding the financial statements, internal controls, and the operations of the audit committee. 


3.2.1 Disclosures in Periodic Reports (Generally Quarterly or Annually) 


Financial statement disclosures are intended to ensure that the application of GAAP reflects the 
economics of the transactions included in the report and that those transactions are transparent 
to the reader. Enhanced disclosure requirements include the following: 


= All material correcting adjustments identified by the auditor should be reflected in the 
financial statements. 


= The financial statements should disclose all material off-balance sheet transactions: 
e Operating leases 
e Contingent obligations 
e — Relationships with unconsolidated subsidiaries 
= Conformance of pro forma financial statements to the following requirements: 
e No untrue statements 
e No omitted material information 
e — Reconciled with GAAP basis financial statements 


=m Use of special purpose entities (SPEs). 


3.2.2 Enhanced Conflict of Interest Provisions 
Issuers are generally prohibited from making personal loans to directors or executive officers. 


= Exceptions apply if the consumer credit loans are made in the ordinary course of business 
by the issuer. 


= Exceptions apply if the terms offered to the officer are generally made available to the 
public under similar terms and conditions with no preferential treatment. 


3.2.3. Disclosure of Transactions Involving Management and Principal Stockholders 


= Disclosures are required for persons who generally have direct or indirect ownership of 
more than 10 percent of any class of most any equity security. Disclosures are made by 
filing a statement. 


=m Statements are filed at the following times: 
e  Atthe time of registration 
e When the person achieves 10 percent ownership 


e If there has been a change in ownership 
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3.2.4 Management Assessment of Internal Controls 


The assessment of internal controls is commonly referred to as Section 404. Each annual report 
is required to contain a report that includes the following: 


= Astatement that management is responsible for establishing and maintaining an adequate 
internal control structure and procedures for financial reporting. 


m Anassessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness 
of the internal control structure and procedures for financial reporting. 


The auditor must attest to management's assessment of internal control. 


3.2.5 Certain Exemptions 

Investment companies are exempt from certain provisions of this act: 
= Disclosures in periodic reports; 

m Enhanced conflict of interest provisions; and 


m Management assessment of internal controls. 


3.2.6 Code of Ethics for Senior Officers 


= Issuers must disclose whether the issuer has adopted a code of conduct for senior officers 
(e.g., CEO, CFO, controller, and chief accountant). If no code of conduct has been adopted, 
the issuer must disclose the reasons. 


m The code of ethics contemplates standards that promote: 
e Honest and ethical conduct (including handling of conflicts of interest). 
e Full, fair, accurate, and timely disclosures in periodic financial reports. 
e Compliance with laws, rules, and regulations. 


=m Changes to or waivers from the code must be reported on a Form 8-K. 


3.2.7 Disclosure of Audit Committee Financial Expert 


At least one member of the audit committee should be a financial expert. Financial reports of 
the issuer must disclose the existence of a financial expert on the committee or the reasons why 
the committee does not have a member who is a financial expert. 


= Afinancial expert qualifies through education, past experience as a public accountant, or past 
experience as a principal financial officer, controller, or principal accounting officer for an issuer. 


= Knowledge of the financial expert should include: 
e Understanding of GAAP. 
e Experience in the preparation or auditing of financial statements for comparable issuers. 
e Application of GAAP. 
e Experience with internal controls. 


e Understanding of audit committee functions. 


3.2.8 Enhanced Review of Periodic Disclosures by Issuers 


The Securities and Exchange Commission (SEC) is required to review disclosures made by 
issuers, including those in Form 10-K, on a regular and systematic basis for the protection of 
investors. When scheduling reviews, the SEC should consider the following: 


= Issuers that have issued material restatements of financial results. 


m Issuers that experience significant volatility in their stock prices when compared to other issuers. 
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= Issuers with the largest market capitalization. 
= Emerging companies with disparities in price-to-earning ratios. 


=m Issuers whose operations significantly affect any material sector of the economy. 


3.3. Key Provisions of SOX Title VIII: Corporate and Criminal Fraud 
Accountability 


3.3.1. Criminal Penalties for Altering Documents 


= Individuals who alter, destroy, mutilate, conceal, cover up, falsify, or make false entry in any 
record, document, or tangible object with the intent to impede, obstruct, or influence an 
investigation will be fined, imprisoned for not more than 20 years, or both. 


= Auditors of issuers should retain all audit and review workpapers for a period of seven years 
from the end of the fiscal period in which the audit or review was conducted. Failure to do 
so will result in a fine, imprisonment for not more than 10 years, or both. 


3.3.2 Statute of Limitations for Securities Fraud 


The statute of limitations for securities fraud is no later than the earlier of two years after the 
discovery of the facts constituting the violation, or five years after the violation. 


3.3.3. Whistleblower Protection 


An employee who lawfully provides evidence of fraud may not be discharged, demoted, 
suspended, threatened, harassed, or in any other matter discriminated against for providing 
such information. An employee who alleges discharge or other discrimination for providing 
evidence of fraud may file a complaint with the Secretary of Labor and may be provided with 
compensatory damages, including: 


= reinstatement with the same seniority status that the employee would have had; 
= back pay with interest; and 


= compensation for any special damages as a result of the discrimination including litigation 
costs, expert witness fees, and reasonable attorney fees. 


3.3.4 Criminal Penalties for Securities Fraud 


An individual who knowingly executes, or attempts to execute, securities fraud will be fined, 
imprisoned not more than 25 years, or both. 


3.4 Key Provisions of SOX Title IX: White-Collar Crime Penalty 
Enhancements 


3.4.1 Attempt and Conspiracy 


An individual who attempts (conspires) to commit any white-collar offense will be subject to 

the same penalties as those who commit the offense, as predetermined by the United States 
Sentencing Commission. The penalties for mail and wire fraud were increased from five years 
to 20 years. The penalties for violating ERISA were increased from not more than $5,000 to not 
more than $100,000 and from not more than one year to not more than 10 years for individuals 
(either or both of the fine and the sentence may be imposed). Fines imposed upon persons who 
are not individuals cannot exceed $500,000. 
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3.4.2 Amendment to Sentencing Guidelines Related to Certain White-Collar Offenses 


=m The United States Sentencing Commission ("Sentencing Commission") will review and 
amend, as needed, the Federal Sentencing Guidelines and policy statements to carry 
out the provisions of the Attempt and Conspiracy Act. This includes ensuring that the 
sentencing guidelines and policy statements consider the nature of any offense and that the 
corresponding penalties are commensurate with the provisions of the act. In the event the 
Sentencing Commission determines a growing trend of a particular offense, it will review 
to determine whether any modifications to the Sentencing Guidelines or policy statements 
are necessary. 


= The Sentencing Commission will review any additional aggravating or mitigating 
circumstances for a particular offense that could justify an exception to the existing 
sentencing ranges. 


3.4.3 Failure of Corporate Officers to Certify Financial Reports 


=m Any issuer periodic report which contains financial statements that is filed with the SEC must 
be accompanied by the following: 


e Awritten statement that the periodic report fully complies with the Securities Exchange 
Act of 1934. 


e Awritten statement that the information contained in the report fairly presents, in all 
material respects, the financial condition and operating results of the issuer. 


e The written statements above must be signed by the chief executive officer and chief 
financial officer (or equivalent) of the issuer (who bear responsibility for these statements). 


m= Any party that certifies the periodic financial report and/or its content knowing that it does 
not satisfy all the requirements shall be fined and/or imprisoned. Specifically, a party who: 


e certifies any statement knowing that it does not comply with all requirements will be 
fined not more than $1,000,000 and/or imprisoned not more than 10 years; or 


e willfully certifies any statement knowing that it does not comply with all requirements 
will be fined not more than $5,000,000 and/or imprisoned not more than 20 years. 


3.5 Key Provisions of SOX Title XI: Corporate Fraud Accountability 
3.5.1 Tampering With Record or Impeding an Official Proceeding 


Any individual who alters, destroys, mutilates, or conceals a document (record) with the intent 
to modify the document and its integrity or the availability of the document in an official 
proceeding shall be fined and/or subject to not more than a 20-year prison term. 


3.5.2 Temporary Freeze Authority for the SEC 


If during an investigation pertaining to potential violations of federal securities laws by an 
issuer of publicly traded securities (or a director, officer, or employee acting on its behalf) 
the SEC determines it is likely that the issuer will be required to make penalty payments, the 
SEC may petition a federal district court to require the issuer to escrow the payments in an 
interest-bearing account for 45 days. 


3.5.3. Authority of the SEC to Prohibit Persons From Serving as Officers or Directors 


For any cease-and-desist proceedings, the SEC may issue an order to conditionally or 
unconditionally prohibit an individual from serving as an officer or director of the issuer for a 
stipulated period (or permanently) if that individual has violated securities rules and regulations 
and the SEC determines that this individual is unfit to serve as an officer or director of an issuer. 
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3.5.4 Retaliation Against Informants 


Any individual who knowingly takes any harmful action against another person with the intent 
to retaliate for that person providing truthful information to the SEC regarding a possible federal 
offense shall be fined and/or imprisoned for not more than 10 years. 


4 Independence Requirements of the SEC and PCAOB 


Rule 2-01 of the U.S. Securities and Exchange Commission (SEC) Regulation S-X outlines the 
independence rules that apply to the auditors of SEC registrants. The SOX independence rules 
have been incorporated into these rules and the PCAOB has adopted independence standards 
to conform to these rules. 


4.1. Principles of Independence 


When considering whether a circumstance raises independence concerns, the SEC looks to 
whether a client relationship or a service provided to an audit client: 


= Creates a mutual or conflicting interest between the auditor and client. 

= Results in the auditor acting as management or an employee of the audit client. 
m= Places the auditor in a position of auditing his or her own work. 
o 


Places the auditor in a position of being an advocate for the audit client. 


4.2 Circumstances That Impair Auditor Independence 


Rule 2-01 states that an accountant is not independent with respect to an audit client if the 
accountant is not, or a reasonable, knowledgeable investor would conclude that the accountant 
is not, capable of exercising objective and impartial judgment on all issues related to the 
accountant's engagement. The following is a non-exhaustive list of circumstances that impair 
auditor independence. 


4.2.1 Financial Relationships 


= Investments in Audit Clients: All direct investments and material indirect investments in 
audit clients during the period of professional engagement by the firm, any covered person 
in the firm, or any member of his or her immediate family impair auditor independence. 
Such investments include: 


e Direct investments in stocks, bonds, notes, options, or other securities of the audit 
client, including direct investments held through an intermediary. 


e Beneficial ownership of more than 5 percent of an audit client's equity securities. 


e Service as a voting trustee of a trust or executor of an estate containing securities of 
the audit client, unless there is no authority to make investment decisions for the trust 
or estate. 


e Material indirect investment in the audit client. 
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Ves Pass Key 


Under SEC rules, covered persons include the audit engagement team; the audit chain 

of command, which includes all persons who supervise or have direct management 
responsibility for the audit, all persons who evaluate the performance or recommend 

the compensation of the audit engagement partner, and all persons who provide quality 
control or other oversight of the audit; any other partner, principal, shareholder, or 
managerial employee of the firm who provided 10 or more hours of non-audit services 
to the audit client or expects to provide 10 or more hours of non-audit services to the 
client on a recurring basis; and any other partner, principal, or shareholder from an office 
of the accounting firm in which the lead audit engagement partner primarily practices in 
connection with the audit. 


= Other Financial Interests in Audit Clients: The following financial interests in the audit 
client by the firm, any covered person in the firm, or any member of his or her immediate 
family impair auditor independence: 


e Loans to or from an audit client, or an audit client's officers, directors, or beneficial 
owners with significant influence over the client. 


—This rule excludes loans obtained from financial institutions under normal lending 
circumstances, such as automobile loans or leases, loans fully collateralized by the 
cash surrender value of life insurance, loans fully collateralized by cash deposits 
at the financial institution, and student loans and mortgage loans (on a primary 
residence) obtained before the covered person was a covered person. 


e Savings and checking account balances that exceed the amount insured by the FDIC. 


e Broker-dealer accounts if the account includes assets other than cash or securities, or 
the amount in the account exceeds the insured amount. 


e Futures commission merchant accounts. 

e Consumer loans in excess of $10,000 on a current basis. 

e — Insurance products issued by an audit client. 

e Financial interest in an investment company complex that includes an audit client. 


= Exceptions: Investments or other financial interests in an audit client will not impair 
independence in the following circumstances: 


e The financial interest is received through an unsolicited gift or inheritance and 
is disposed of as soon as practicable, no later than 30 days after the person has 
knowledge of and the right to dispose of the financial interest. 


e  Inanew audit engagement, any person with a financial interest that would impair 
auditor independence disposes of the financial interest before the earlier of: 1) the 
signing of the initial engagement letter or other agreement to provide services; or 
2) the commencement of any audit, review, or attestation services. 


e Animmediate family member of a covered person has a financial interest that would 
impair independence as an unavoidable consequence of participation in his or her 
employer's employee compensation or benefits program and the financial interest 
is disposed of as soon as practicable, no later than 30 days after the person has 
knowledge of and the right to dispose of the financial interest. 
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= Audit Clients’ Financial Interests: The following financial relationships of the audit client 
impair auditor independence: 


e Investment by the audit client in the accounting firm. 


e Engagement of the accounting firm by the audit client to act as an underwriter, broker- 
dealer, market-maker, promoter, or analyst. 


4.2.2 Employment Relationships 


Employment relationships between the accountant and the audit client during the engagement 
period that impair auditor independence include: 


= Employment of a covered person by the audit client or service on the board of directors or 
other management or governing body of the audit client. 


= Employment of a close family member of a covered person in an accounting or financial 
reporting role at the audit client. 


= Employment at the audit client of a former member of the audit engagement team in an 
accounting role or a financial oversight role, unless the individual: 


1. does not influence the accounting firm's operations or financial policies; 
2. has no capital balances in the accounting firm; and 


3. has no financial arrangement with the accounting firm, other than one providing for 
regular payment of a fixed dollar amount (not dependent on the firm's revenues, 
profits, or earnings) that is either: 


—from a fully funded retirement plan or similar vehicle; or 


—immaterial to the former professional employee (only in the case of a former 
employee who was not a partner, principal, or shareholder and who has been 
disassociated from the firm for more than five years). 


= Employment at the audit client of a former member of the audit engagement team 
in a financial oversight role, if the individual was a member of the engagement team 
during the one-year period preceding the commencement of audit procedures 
(the "cooling-off" period). 


= Employment at the accounting firm of a former employee of the audit client, unless 
the individual does not participate in and is not in a position to influence, the financial 
statement audit of the audit client covering any period in which the individual was employed 
by or associated with the audit client. 


Pass Key 


SEC and PCAOB rules prohibit an accounting firm from auditing an issuer's financial 
statements if certain members of management of the issuer (members in financial 
oversight roles such as the CEO, CFO, or controller) had been members of the accounting 
firm's audit engagement team within the one-year period preceding the commencement of 
audit procedures (the required "cooling-off" period). The audit engagement team includes 
the lead partner, the concurring partner, and other individuals who provided more than 

10 hours of service during the annual audit period. 
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4.2.3 Business Relationships 


Direct or material indirect business relationships between the firm or any covered person in the 
firm and an audit client or persons participating in decision making for an audit client (officers, 
directors, substantial stockholders) impair auditor independence. 


4.2.4 Non-audit Services 


Auditor independence is impaired if any of the following non-audit services are provided during 
the audit and professional engagement period: 


= Bookkeeping or other services related to the accounting records or financial statements of 
the audit client 


Financial information systems design and implementation 

Appraisal or valuation services, fairness opinions, or contribution-in-kind reports 
Actuarial services 

Internal audit outsourcing services 

Management functions or human resources 


Broker or dealer, investment adviser, or investment banking services 


Legal services (including representing an audit client before a tax court, district court, or 
federal court of claims) 


=m Expert services unrelated to the audit 


4.2.5 Contingent Fees 


Independence is impaired by contingent fee or commission arrangements in which the 
accountant provides any service or product to the audit client for a contingent fee or a 
commission, or receives a contingent fee or commission from an audit client. 


4.2.6 Partner Rotation 


Failure of the lead audit partner and the concurring partner on the audit engagement team 
to rotate off the audit engagement after five years or failure of other audit partners to rotate 
off the audit engagement after no more than seven years impairs independence. (Other audit 
partners include partners who have responsibility for decision making on significant auditing, 
accounting, or reporting matters, or who maintain regular contact with management and the 
audit committee of the client.) 


= Required "Time-Out" Period: Lead partners and concurring partners are subject to a 
five-year "time-out" period before returning to an engagement. Other audit partners are 
subject to a two-year "time-out" period. 


= Small Firms: Small accounting firms with fewer than five clients who are issuers and have 
fewer than 10 partners may be exempted from the partner rotation requirement. 


4.2.7 Audit Committee Administration of the Engagement 


Auditor independence is impaired when the audit committee fails to administer the 
engagement. Audit committees are required to preapprove all audit, review, or attest 
engagements and all permissible non-audit services, including tax compliance, tax planning, and 
tax advice either on a case-by-case basis or pursuant to preestablished policies and procedures. 


= Preapproval Not Required: Preapproval is not required for non-audit services that do not 
exceed 5 percent of total revenues from the audit client during the fiscal year when services 
are provided, as long as the non-audit services are promptly brought to the attention of the 
audit committee and approved before the completion of the audit. 
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= Required Auditor Reporting to the Audit Committee: The auditor of an issuer's financial 
statements is required to report certain matters to the issuer's audit committee, including: 


e Critical accounting principles and practices used; 


e Alternative accounting treatments discussed with management, the ramifications of the 
use of the alternatives, and the treatment preferred by the audit firm; 


e Material written communications between the audit firm and management, including 
the management letter and the schedule of unadjusted audit differences. 


4.2.8 Compensation 


Auditor independence is impaired if an audit partner earns or receives compensation based on 
selling engagements to an audit client for services other than audit, review, and attest services. 
Audit partners include the lead audit partner, the concurring audit partner, and other audit 
partners who have responsibility for decision making on significant auditing, accounting, or 
reporting matters, or who maintain regular contact with management and the audit committee 
of the client. 


5 Additional Independence Requirements of the PCAOB 


The PCAOB's interim independence standards, as adopted from the AICPA Code of Professional 
Conduct, have been amended to align with the standards as outlined in Rule 2-01 of Regulation 
S-X. Additionally, the PCAOB has adopted certain permanent independence rules that impose 
incremental obligations on registered public accounting firms. 


5.1 PCAOB Independence Standards 


The following independence standards have been issued by the PCAOB. The collective PCAOB 
standards apply to all audits of issuers by registered firms. 


= Responsibility Not to Knowingly or Recklessly Contribute to Violations: A person 
associated with a registered public accounting firm should not take or omit to take an 
action knowing, or recklessly not knowing, that the action or omission would contribute to a 
violation by the registered public accounting firm of the Sarbanes-Oxley Act, the rules of the 
PCAOB, securities laws, rules of the SEC, or professional standards. 


= Auditor Independence: A registered public accounting firm and its associated persons 
must be independent of the firm's audit client throughout the audit and professional 
engagement period. 


= Contingent Fees: A registered public accounting firm may not provide services or products 
for a contingent fee (i.e., those in which the amount of the fee is dependent upon the results 
of the services performed) or a commission, or receive from the audit client a contingent fee 
or commission. 


= Tax Transactions: Registered public accounting firms may not provide to audit clients any 
tax services related to certain confidential or aggressive tax transactions. 


= Tax Services for Persons in Financial Reporting Oversight Roles: Registered public 
accounting firms may not provide any tax services to corporate officers of audit clients or to 
immediate family members of corporate officers. 


= Audit Committee Preapproval of Certain Tax Services: Proposed tax services and related 
fees must be communicated to the audit committee in writing. The potential effects of the 
services on the firm's independence should also be discussed with the audit committee, and 
this discussion must be documented. 
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= Audit Committee Preapproval of Non-audit Services Related to Internal Control Over 
Financial Reporting: Non-audit services related to internal control over financial reporting 
must be communicated to the audit committee in writing. The potential effects of the 
services on the firm's independence should also be discussed with the audit committee, and 
this discussion must be documented. 


= Communication With the Audit Committee Concerning Independence: Before accepting 
an initial engagement with an issuer and at least annually for each issuer audit client, a 
registered public accounting firm must describe in writing to the audit committee of the 
issuer all relationships that may reasonably be thought to bear on independence, discuss 
the potential effects of those relationships on the audit firm's independence, and document 
the discussion. As part of the annual communication, the audit firm must affirm, in writing, 
that the audit firm is independent as of the date of the communication. 
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Ethical and Independence 
Requirements: Part 2 


1 The Government Accountability Office (GAO) 


The U.S. Government Accountability Office (GAO), along with issuing Generally Accepted Government 
Auditing Standards (GAGAS), includes the following ethical principles and general standards: 


1.1. Ethical Principles 


The ethical principles of GAGAS provide the foundation that influences the application of 
GAGAS. The ethical principles that guide the work of auditors who conduct audits in accordance 
with GAGAS are serving the public interest, integrity, objectivity, proper use of governmental 
information, resources and positions, and professional behavior. 


= Serving the Public Interest: The public interest is defined as the collective well-being of the 
community of people and entities served by the auditor. 


= Integrity: Integrity includes auditors conducting their work with an attitude that is objective, 
fact-based, nonpartisan, and nonideological with regard to the audited entities and users of 
the auditors' reports. 


= Objectivity: Objectivity includes independence of mind and appearance when providing 
audits, maintaining an attitude of impartiality, having intellectual honesty, and being free of 
conflicts of interest. 


= Proper Use of Government Information, Resources, and Positions: The auditor is 
to use government information, resources, and positions for official purposes and not 
inappropriately for the auditor's personal gain. 


= Professional Behavior: Professional behavior includes an auditor's honest effort in 
the performance of professional services in accordance with the relevant technical and 
professional standards. The auditor must avoid any conduct that might bring discredit to 
the auditor's work, including actions that would cause an objective third party to conclude 
that the auditor's work was professionally deficient. 


1.2 General Standards 


The general standards provide guidance for performing financial audits, attestation 
engagements, and performance audits under GAGAS. The general standards address 
independence, professional judgment, competence, and quality control and assurance. 


1.2.1 Independence 


Independence includes the concepts of independence of mind and appearance. GAGAS provides 
a conceptual framework (described in greater detail below) to evaluate and respond to threats 
to independence. 


= Independence of Mind: An auditor's state of mind should permit the performance of an 
audit without being affected by influences that compromise professional judgment. 


= Independence in Appearance: Auditors should avoid circumstances that would cause a 
reasonable third party to conclude that independence has been compromised. 
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1.2.2 Professional Judgment 


Auditors must use professional judgment in planning and performing audits and in reporting the 
results. Professional judgment includes exercising reasonable care and professional skepticism. 


1.2.3 Competence 
The staff assigned to conduct the audit in accordance with GAGAS must collectively possess: 


=m The adequate professional competence needed to address the audit objectives and perform 
the work in accordance with GAGAS. 


= The technical knowledge, skills, and experience necessary to be competent for the type of 
work being performed before beginning work on the audit. 


1.2.4 Quality Control and Assurance 
Each audit organization performing audits in accordance with GAGAS must: 


= Establish and maintain a system of quality control that is designed to provide the audit 
organization with reasonable assurance that the organization and its personnel comply with 
professional standards and applicable legal and regulatory requirements. 


=m Have an external peer review at least once every three years. 


2 GAGAS Conceptual Framework for Independence 


2.1. Introduction 


Similar to the AICPA Code of Conduct, GAGAS independence guidance includes a conceptual 
framework for making independence determinations. The conceptual framework requires that 
the auditor: 


1. identify threats to independence; 
2. evaluate the significance of the threats identified, both individually and in the aggregate; and 


3. apply safeguards as necessary to eliminate the threats or reduce them to an 
acceptable level. 


If no safeguards are available to eliminate an unacceptable threat or reduce it to an acceptable 
level, independence would be considered to be impaired. 


2.2 Threats to Independence 
The following broad categories of threats to independence are identified by GAGAS: 


= Self-Interest Threat: Self-interest threat is the threat that a financial or other interest will 
inappropriately influence an auditor's judgment or behavior. 


= Self-Review Threat: Self-review threat is the threat that an auditor or audit organization 
that has provided non-audit services will not appropriately evaluate the results of previous 
judgments made or services performed as part of the non-audit services when forming a 
judgment significant to an audit. 


= Bias Threat: Bias threat is the threat that an auditor will, as a result of political, ideological, 
social, or other convictions, take a position that is not objective. 
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= Familiarity Threat: Familiarity threat is the threat that aspects of a relationship with 
management or personnel of an audited entity, such as a close or long relationship or 
that of an immediate or close family member, will lead an auditor to take a position that is 
not objective. 


= Undue Influence Threat: Undue influence threat is the threat that external influences or 
pressures will impact an auditor's ability to make independent and objective judgments. 


= Management Participation Threat: Management participation threat is the threat that 
results from an auditor's taking on the role of management or otherwise performing 
management functions on behalf of the entity undergoing an audit. 


= Structural Threat: Structural threat is the threat that an audit organization's placement 
within a government entity, in combination with the structure of the government entity 
being audited, will impact the audit organization's ability to perform work and report 
results objectively. 


2.3. Safeguards 


Safeguards are controls designed to eliminate or reduce to an acceptable level threats to 
independence. Under the conceptual framework, the auditor applies safeguards that address 
the specific facts and circumstances under which threats to independence exist. In some cases, 
multiple safeguards may be necessary to address a threat. Examples of safeguards include: 


=™ consulting an independent third party, such as a professional organization, a professional 
regulatory body, or another auditor; 


= involving another audit organization to perform or reperform part of the audit; 


= having a professional staff member who was not a member of the audit team review the 
work performed; and 


™ removing an individual from an audit team when that individual's financial or other interests 
or relationships pose a threat to independence. 


2.4 Evaluation of Non-audit Services 


The auditor should determine whether providing such a non-audit service would create a threat 
to independence, either by itself or in aggregate with other non-audit services provided, with 
respect to any GAGAS audit it performs. 


= <Acritical component of this determination is consideration of management's ability to 
effectively oversee the non-audit service to be performed. 


e The auditor should determine: 


—that the audited entity has designated an individual who possesses suitable skill, 
knowledge, or experience; and 


—that the individual understands the services to be performed sufficiently to 
oversee them. 


e The individual is not required to possess the expertise to perform or reperform 
the services. 


e The auditor should document consideration of management's ability to effectively 
oversee non-audit services to be performed. 
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= Auditors performing non-audit services for entities for which they perform audits should 
obtain assurance that audited entity management performs the following functions in 
connection with the non-audit services: 


e Assumes all management responsibilities; 


e Oversees the services, by designating an individual, preferably within senior 
management, who possesses suitable skill, knowledge, or experience; 


e Evaluates the adequacy and results of the services performed; and 


e Accepts responsibility for the results of the services. 


2.5 Management Participation Threat 


If an auditor were to assume management responsibilities for an audited entity, the 
management participation threat created would be so significant that no safeguards could 
reduce the threat to an acceptable level. 


Management responsibilities involve leading and directing an entity, including making decisions 
regarding the acquisition, deployment and control of human, financial, physical, and intangible 
resources. Whether an activity is a management responsibility depends on the facts and 
circumstances. The auditor exercises professional judgment in identifying these activities. 


Examples of activities that are considered management responsibilities and would therefore 
impair independence if performed for an audited entity include: 


= setting policies and strategic direction for the audited entity; 


= directing and accepting responsibility for the actions of the audited entity's employees in the 
performance of their routine, recurring activities; and 


=m having custody of an audited entity's assets. 


2.6 Documentation of Independence 


The independence standards require the auditor to document: 


= Threats to independence that require the application of safeguards, along with the 
safeguards applied, in accordance with the conceptual framework for independence. 


=m The safeguards if an audit organization is structurally located within a government entity 
and is considered independent based on those safeguards. 


= Consideration of audited entity management's ability to effectively oversee a non-audit 
service to be provided by the auditor. 


= The auditor's understanding with an audited entity for which the auditor will perform a 
non-audit service. 
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3 Department of Labor (DOL) 


The U.S. Department of Labor (DOL) has established guidelines for determining when a qualified 
public accountant is independent for the purpose of rendering an opinion on an employee 
benefit plan under the Employee Retirement Income Security Act of 1974 (ERISA). 


3.1 Independence Required 


Auditor independence is required when auditing and rendering an opinion on the financial 
information required to be submitted to the Employee Benefits Security Administration of the DOL. 


3.2. Impairment of Independence 


The following situations impair independence with respect to an employee benefit plan: 


= Any direct financial interest or a material indirect financial interest in the plan or the 
plan sponsor. 


Labor Department rules would consider independence to be impaired with respect to a plan 
if an interest is held during the period of the professional engagement, at the date of the 
opinion, or during the period covered by the financial statements which is more restrictive 
than the AICPA rules. 


= Connection to the plan or the plan sponsor as a promoter, underwriter, investment advisor, 
voting trustee, director, officer, or employee. 


=m An accountant or amember of the accounting firm maintains financial records for the 
employee benefit plan. 


3.3. Independence Not Impaired 
An accountant's independence is not impaired when: 


= A former officer or employee of the plan or plan sponsor is employed by the firm, the 
individual has completely disassociated from the plan or plan sponsor, and the individual 
does not participate in auditing the financial statements of the plan covering any period of 
his or her employment by the plan or plan sponsor. 


m= The accountant or the accountant's firm was engaged by the plan sponsor during the period 
of the professional engagement with the employee benefit plan. 


= An actuary associated with the accountant or the accountant's firm rendered services 
to the plan. 
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4 Summary of Independence Standards 


Summary of Independence Standards 


SOX/ 
AICPA PCAOB/SEC DOL 
Standards for 
assurance Standards 
engagements Standards for for audits of 

(issuer and audits/reviews |employee benefit 

nonissuer) of issuers plans 
The following items impair independence: 
Direct financial interest v v v 
Material indirect financial Interest v v v 
Nonfinancial institution loan to or from client v ve 
Employment at client of a former employee of the firm, unless the 
former employee cannot influence the firm and amounts owed to the v v 
former employee are immaterial 
Employment at client of a former employee of the firm as the client's Permitted with 
CEO, CFO, controller, etc., during the one-year period preceding the appropriate v 
commencement of audit procedures safeguards 
Employment at client of immediate/close family member in a J vw 
key position 
Individual who participates in the engagement is seeking or discussing 
potential employment with the client or has been offered employment wf if 
by the client, unless the individual notifies the firm and is removed from 
the engagement 
Former employee of the client participates on the engagement team 
when the engagement covers any period of the individual's employment v v v 
with the client 
Non-attest services: 
Bookkeeping v v v 
Financial information systems design and implementation v v 
Appraisal and valuation services v v 
Actuarial services v v 
Management (officer, director, or employee in management capacity) vf vw ff 
or human resources services 
Internal audit v v 
Service as broker, dealer, investment advisor, or investment banker v v v 
Legal services v v 
Expert services v v 
Overdue in payment of fees v v 
Actual or threatened litigation v v 
Contingent fees (audits, reviews, examinations) v v 
Significant gifts from clients v v 
Tax services related to confidential or aggressive tax transactions v 
Tax services to corporate officers of client or immediate family members v 
Partner compensated for selling services other than audit, review, and Ps 
attestation services 
The following items are required for independence: 
Audit committee preapproval v 
Lead and concurring audit partner rotation v 
Other audit partner rotation v 
Reporting to audit committee/those charged with governance v ff 

(covered in SASs) 
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